Reduce version skew.

diff --git a/apps/ca.c b/apps/ca.c
index 2a83d1936e4c016b50a1efbafcd7a2ff07928e2a..1cf50e00294d6355b99591c0b2ce6bdfdcf42df6 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1408,6 +1408,7 @@ bad:
                        if (!NCONF_get_number(conf,section,
                                ENV_DEFAULT_CRL_HOURS, &crlhours))
                                crlhours = 0;
                        if (!NCONF_get_number(conf,section,
                                ENV_DEFAULT_CRL_HOURS, &crlhours))
                                crlhours = 0;

+                       ERR_clear_error();

                        }
                if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
                        {
                        }
                if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
                        {

diff --git a/apps/dgst.c b/apps/dgst.c
index b08e9a7c786f3059ff5fee8d9b123fcc4a340ebc..81bd870f991a5f2c2622140a6a125c98bc0d7385 100644 (file)
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -216,10 +216,10 @@ int MAIN(int argc, char **argv)
                        out_bin = 1;
                else if (strcmp(*argv,"-d") == 0)
                        debug=1;
                        out_bin = 1;
                else if (strcmp(*argv,"-d") == 0)
                        debug=1;

-               else if (strcmp(*argv,"-non-fips-allow") == 0)
-                       non_fips_allow=1;

                else if (!strcmp(*argv,"-fips-fingerprint"))
                        hmac_key = "etaonrishdlcupfm";
                else if (!strcmp(*argv,"-fips-fingerprint"))
                        hmac_key = "etaonrishdlcupfm";

+               else if (strcmp(*argv,"-non-fips-allow") == 0)
+                       non_fips_allow=1;

                else if (!strcmp(*argv,"-hmac"))
                        {
                        if (--argc < 1)
                else if (!strcmp(*argv,"-hmac"))
                        {
                        if (--argc < 1)

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index fe72c1d3dfa8fb5205143f589168c6199987f2b4..683d51391b0034d08830b3679736d4d96ce59336 100644 (file)
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -326,6 +326,7 @@ bad:
                                goto end;
                                }
 #endif
                                goto end;
                                }
 #endif

+                       ERR_print_errors(bio_err);

                        BIO_printf(bio_err,"Error, DSA key generation failed\n");
                        goto end;
                        }
                        BIO_printf(bio_err,"Error, DSA key generation failed\n");
                        goto end;
                        }


@@ -429,13 +430,19 @@ bad:
 
                assert(need_rand);
                if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
 
                assert(need_rand);
                if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;

-               if (!DSA_generate_key(dsakey)) goto end;
+               if (!DSA_generate_key(dsakey))
+                       {
+                       ERR_print_errors(bio_err);
+                       DSA_free(dsakey);
+                       goto end;
+                       }

                if      (outformat == FORMAT_ASN1)
                        i=i2d_DSAPrivateKey_bio(out,dsakey);
                else if (outformat == FORMAT_PEM)
                        i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
                else    {
                        BIO_printf(bio_err,"bad output format specified for outfile\n");
                if      (outformat == FORMAT_ASN1)
                        i=i2d_DSAPrivateKey_bio(out,dsakey);
                else if (outformat == FORMAT_PEM)
                        i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
                else    {
                        BIO_printf(bio_err,"bad output format specified for outfile\n");

+                       DSA_free(dsakey);

                        goto end;
                        }
                DSA_free(dsakey);
                        goto end;
                        }
                DSA_free(dsakey);

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 2cd73376dfaf430c4addbd860948e34b9ff02fe8..160b5bd59da4e333e550fd622fa772f11d5fc78d 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -237,8 +237,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 
                /* If we are using DSA, we can copy the parameters from
                 * the private key */
 
                /* If we are using DSA, we can copy the parameters from
                 * the private key */

-               
-               
+
+

                /* Now we know that a key and cert have been set against
                 * the SSL context */
                if (!SSL_CTX_check_private_key(ctx))
                /* Now we know that a key and cert have been set against
                 * the SSL context */
                if (!SSL_CTX_check_private_key(ctx))

diff --git a/apps/s_client.c b/apps/s_client.c
index fc806eb67263bcd6c03cd0c911f6eb9813e0d816..95d23e8608d1d1be086fde1bb957f110309bb0a7 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -357,7 +357,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err," -status           - request certificate status from server\n");
        BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
        BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err," -status           - request certificate status from server\n");
        BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");

-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+# ifndef OPENSSL_NO_NEXTPROTONEG

        BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
 #endif
        BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
 #endif


@@ -536,7 +536,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
        ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
        return SSL_TLSEXT_ERR_OK;
        }
        ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
        return SSL_TLSEXT_ERR_OK;
        }

-# endif
+# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */

 #endif
 
 enum
 #endif
 
 enum

diff --git a/apps/s_server.c b/apps/s_server.c
index 3f9b3704c62a3052a81cd61540c1d8c670fbbb92..7125afafc30cd5c4cb3c26f147303635546d4c48 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1206,13 +1206,13 @@ int MAIN(int argc, char *argv[])
                        {
                        if (--argc < 1) goto bad;
                        srp_verifier_file = *(++argv);
                        {
                        if (--argc < 1) goto bad;
                        srp_verifier_file = *(++argv);

-                       meth=TLSv1_server_method();
+                       meth = TLSv1_server_method();

                        }
                else if (strcmp(*argv, "-srpuserseed") == 0)
                        {
                        if (--argc < 1) goto bad;
                        srpuserseed = *(++argv);
                        }
                else if (strcmp(*argv, "-srpuserseed") == 0)
                        {
                        if (--argc < 1) goto bad;
                        srpuserseed = *(++argv);

-                       meth=TLSv1_server_method();
+                       meth = TLSv1_server_method();

                        }
 #endif
                else if (strcmp(*argv,"-www") == 0)
                        }
 #endif
                else if (strcmp(*argv,"-www") == 0)


@@ -1730,7 +1730,7 @@ bad:
                }
 #endif
        
                }
 #endif
        

-       if (!set_cert_key_stuff(ctx,s_cert,s_key))
+       if (!set_cert_key_stuff(ctx, s_cert, s_key))

                goto end;
 #ifndef OPENSSL_NO_TLSEXT
        if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
                goto end;
 #ifndef OPENSSL_NO_TLSEXT
        if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))


@@ -1738,7 +1738,7 @@ bad:
 #endif
        if (s_dcert != NULL)
                {
 #endif
        if (s_dcert != NULL)
                {

-               if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+               if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))

                        goto end;
                }
 
                        goto end;
                }
 


@@ -2433,6 +2433,7 @@ static int init_ssl_connection(SSL *con)
                BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
        str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
        BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
                BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
        str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
        BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

+

 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
        SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
        if (next_proto_neg)
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
        SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
        if (next_proto_neg)


@@ -2701,6 +2702,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
                                }
                        BIO_puts(io,"\n");
 
                                }
                        BIO_puts(io,"\n");
 

+                       BIO_printf(io,
+                               "Secure Renegotiation IS%s supported\n",
+                               SSL_get_secure_renegotiation_support(con) ?
+                                                       "" : " NOT");
+

                        /* The following is evil and should not really
                         * be done */
                        BIO_printf(io,"Ciphers supported in s_server binary\n");
                        /* The following is evil and should not really
                         * be done */
                        BIO_printf(io,"Ciphers supported in s_server binary\n");

diff --git a/apps/speed.c b/apps/speed.c
index 8358b12fddb16c53a6891482189e0eebd2b3ab77..9886ca3766913d647e0fc7cf88571f20b93ac9c6 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -254,7 +254,7 @@ static const char *names[ALGOR_NUM]={
   "aes-128 cbc","aes-192 cbc","aes-256 cbc",
   "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
   "evp","sha256","sha512","whirlpool",
   "aes-128 cbc","aes-192 cbc","aes-256 cbc",
   "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
   "evp","sha256","sha512","whirlpool",

-  "aes-128 ige","aes-192 ige","aes-256 ige","ghash"};
+  "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };

 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 #ifndef OPENSSL_NO_RSA
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 #ifndef OPENSSL_NO_RSA


@@ -299,7 +299,7 @@ static SIGRETTYPE sig_done(int sig)
 #if defined(_WIN32)
 
 #if !defined(SIGALRM)
 #if defined(_WIN32)
 
 #if !defined(SIGALRM)

-#define SIGALRM
+# define SIGALRM

 #endif
 static unsigned int lapse,schlock;
 static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
 #endif
 static unsigned int lapse,schlock;
 static void alarm_win32(unsigned int secs) { lapse = secs*1000; }

diff --git a/apps/srp.c b/apps/srp.c
index 80e1b8a6607e6f92d44a76c379276ea31709884b..9c7ae184db1627efcf6f4b0cd1b4849d118cb557 100644 (file)
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -125,13 +125,13 @@ static int get_index(CA_DB *db, char* id, char type)
        if (type == DB_SRP_INDEX) 
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {
        if (type == DB_SRP_INDEX) 
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {

-               pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
-               if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id, pp[DB_srpid])) 
+               pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
+               if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 

                        return i;
                }
        else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {
                        return i;
                }
        else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {

-               pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+               pp = sk_OPENSSL_PSTRING_value(db->db->data,i);

 
                if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
                        return i;
 
                if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
                        return i;


@@ -145,7 +145,7 @@ static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
        if (indx >= 0 && verbose)
                {
                int j;
        if (indx >= 0 && verbose)
                {
                int j;

-               char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx);
+               char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);

                BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
                for (j = 0; j < DB_NUMBER; j++)
                        {
                BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
                for (j = 0; j < DB_NUMBER; j++)
                        {


@@ -163,7 +163,7 @@ static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
        {
        if (verbose > 0)
                {
        {
        if (verbose > 0)
                {

-               char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+               char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);

 
                if (pp[DB_srptype][0] != 'I')
                        {
 
                if (pp[DB_srptype][0] != 'I')
                        {


@@ -517,7 +517,7 @@ bad:
        /* Lets check some fields */
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {
        /* Lets check some fields */
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {

-               pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+               pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

        
                if (pp[DB_srptype][0] == DB_SRP_INDEX)
                        {
        
                if (pp[DB_srptype][0] == DB_SRP_INDEX)
                        {


@@ -533,8 +533,8 @@ bad:
 
        if (gNindex >= 0)
                {
 
        if (gNindex >= 0)
                {

-               gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
-               print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ;
+               gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
+               print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");

                }
        else if (maxgN > 0 && !SRP_get_default_gN(gN))
                {
                }
        else if (maxgN > 0 && !SRP_get_default_gN(gN))
                {


@@ -587,7 +587,7 @@ bad:
                        if (userindex >= 0)
                                {
                                /* reactivation of a new user */
                        if (userindex >= 0)
                                {
                                /* reactivation of a new user */

-                               char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                               char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);

                                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                                row[DB_srptype][0] = 'V';
 
                                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                                row[DB_srptype][0] = 'V';
 


@@ -634,7 +634,7 @@ bad:
                        else
                                {
 
                        else
                                {
 

-                               char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                               char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);

                                char type = row[DB_srptype][0];
                                if (type == 'v')
                                        {
                                char type = row[DB_srptype][0];
                                if (type == 'v')
                                        {


@@ -664,9 +664,9 @@ bad:
 
                                        if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
                                                {
 
                                        if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
                                                {

-                                                       BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
-                                                       errors++;
-                                                       goto err;
+                                               BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
+                                               errors++;
+                                               goto err;

                                                }
 
                                        row[DB_srptype][0] = 'v';
                                                }
 
                                        row[DB_srptype][0] = 'v';


@@ -689,7 +689,7 @@ bad:
                                }
                        else
                                {
                                }
                        else
                                {

-                               char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                               char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);

                                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
 
                                xpp[DB_srptype][0] = 'R';
                                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
 
                                xpp[DB_srptype][0] = 'R';


@@ -714,7 +714,7 @@ bad:
                /* Lets check some fields */
                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                        {
                /* Lets check some fields */
                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                        {

-                       pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+                       pp = sk_OPENSSL_PSTRING_value(db->db->data,i);

        
                        if (pp[DB_srptype][0] == 'v')
                                {
        
                        if (pp[DB_srptype][0] == 'v')
                                {

diff --git a/apps/verify.c b/apps/verify.c
index b9749dcd363dddeec7b809e38cf4d820941028cc..0f34b865ad6fe022bcbfc5a8646d42cf9eb51534 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -235,13 +235,16 @@ end:
                BIO_printf(bio_err," [-engine e]");
 #endif
                BIO_printf(bio_err," cert1 cert2 ...\n");
                BIO_printf(bio_err," [-engine e]");
 #endif
                BIO_printf(bio_err," cert1 cert2 ...\n");

+

                BIO_printf(bio_err,"recognized usages:\n");
                BIO_printf(bio_err,"recognized usages:\n");

-               for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+               for(i = 0; i < X509_PURPOSE_get_count(); i++)
+                       {

                        X509_PURPOSE *ptmp;
                        ptmp = X509_PURPOSE_get0(i);
                        X509_PURPOSE *ptmp;
                        ptmp = X509_PURPOSE_get0(i);

-                       BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
-                                                               X509_PURPOSE_get0_name(ptmp));
-               }
+                       BIO_printf(bio_err, "\t%-10s\t%s\n",
+                                  X509_PURPOSE_get0_sname(ptmp),
+                                  X509_PURPOSE_get0_name(ptmp));
+                       }

        }
        if (vpm) X509_VERIFY_PARAM_free(vpm);
        if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
        }
        if (vpm) X509_VERIFY_PARAM_free(vpm);
        if (cert_ctx != NULL) X509_STORE_free(cert_ctx);

diff --git a/apps/x509.c b/apps/x509.c
index e6e5e0d4e524d4f62b994c6b926c94c642b4a936..3863ab968dadb8539712b7e1a40c359a763a15e5 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -288,7 +288,7 @@ int MAIN(int argc, char **argv)
                        days=atoi(*(++argv));
                        if (days == 0)
                                {
                        days=atoi(*(++argv));
                        if (days == 0)
                                {

-                               BIO_printf(STDout,"bad number of days\n");
+                               BIO_printf(bio_err,"bad number of days\n");

                                goto bad;
                                }
                        }
                                goto bad;
                                }
                        }


@@ -912,7 +912,7 @@ bad:
                                }
                        else if (text == i)
                                {
                                }
                        else if (text == i)
                                {

-                               X509_print_ex(out,x,nmflag, certflag);
+                               X509_print_ex(STDout,x,nmflag, certflag);

                                }
                        else if (startdate == i)
                                {
                                }
                        else if (startdate == i)
                                {

diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
index f083488ecb34aa842c7e8637945df1bf4fa72192..6c181cae8d37fb76197a75c968341b7a0ee1226c 100644 (file)
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@@ -50,7 +50,6 @@
  */
 
 #include <openssl/opensslv.h>
  */
 
 #include <openssl/opensslv.h>

-#include <openssl/crypto.h>

 #include <openssl/aes.h>
 #include "aes_locl.h"
 
 #include <openssl/aes.h>
 #include "aes_locl.h"
 

diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 1b1e4bec8121fe58102bb4da5f7f275a494239a9..46cbe8a407697a923bc6a709ce98e239ed68d57e 100644 (file)
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -81,6 +81,16 @@
 #define IP_MTU      14 /* linux is lame */
 #endif
 
 #define IP_MTU      14 /* linux is lame */
 #endif
 

+#ifdef __FreeBSD__
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+

 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead

diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 52b3304293a57868f9c26c6eb2be62dc4f75e6b8..7b2403185e6279f2111128eb6183744ffd3157c6 100644 (file)
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *
     *                                  <appro@fy.chalmers.se>
     */
     *
     *                                  <appro@fy.chalmers.se>
     */

+#undef bn_div_words

 #  define bn_div_words(n0,n1,d0)               \
        ({  asm volatile (                      \
                "divl   %4"                     \
 #  define bn_div_words(n0,n1,d0)               \
        ({  asm volatile (                      \
                "divl   %4"                     \


@@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                  <appro@fy.chalmers.se>
     */
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                  <appro@fy.chalmers.se>
     */

+#  undef bn_div_words

 #  define bn_div_words(n0,n1,d0)               \
        ({  asm volatile (                      \
                "divq   %4"                     \
 #  define bn_div_words(n0,n1,d0)               \
        ({  asm volatile (                      \
                "divq   %4"                     \

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 4a352119ba8aafc0a7164f14337df2e09837de32..a808f53178fb830572a6d8c2edb4eabb5063c844 100644 (file)
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -205,6 +205,7 @@ err:
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);

+

 BIGNUM *BN_mod_inverse(BIGNUM *in,
        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
        {
 BIGNUM *BN_mod_inverse(BIGNUM *in,
        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
        {

diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c
index f44d48564c2a28a2efd9c84857e73ca0574c60c7..614b43b0b3f24afc2ca132d4726470fe452a6751 100644 (file)
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
@@ -50,7 +50,6 @@
  */
  
 #include <openssl/opensslv.h>
  */
  
 #include <openssl/opensslv.h>

-#include <openssl/crypto.h>

 #include <openssl/camellia.h>
 #include "cmll_locl.h"
 
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
 

diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c
index cb6bf9fee37fa16f8bf7e1258ccd001f5b3a12dd..3c187744473b257d8d8e7d9258864c6bc6ccfe7d 100644 (file)
--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
@@ -56,7 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

-#include <openssl/crypto.h>

 #include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index f873ce3794452a1ba64cbae3f98b68c09076f256..bebeaf29c7bad36efb75faad841cf6527e400f31 100644 (file)
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -74,7 +74,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
        unsigned char *tkey = NULL;
        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
        unsigned char *tkey = NULL;

-       size_t tkeylen;
+       size_t tkeylen = 0;

 
        int ok = 0;
 
 
        int ok = 0;
 

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index f88e8f3b525715f99022f6ccb2f94680b80a2ab0..b62d1bfac02b750f59021e74de3d5c2fa81ad772 100644 (file)
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -411,9 +411,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                 * algorithm  OID instead of digest.
                 */
                        || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
                 * algorithm  OID instead of digest.
                 */
                        || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)

-                       {

                        return EVP_MD_CTX_copy_ex(mctx, mtmp);
                        return EVP_MD_CTX_copy_ex(mctx, mtmp);

-                       }

                chain = BIO_next(chain);
                }
        }
                chain = BIO_next(chain);
                }
        }

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 766ea8cac7375ed02fd6a2144de4a2c8bda0b5ca..97f0ddbbf8742b93139c8f8ab74d10f93b40ca47 100644 (file)
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -704,6 +704,7 @@ void OPENSSL_cpuid_setup(void)
     }
     else
        vec = OPENSSL_ia32_cpuid();
     }
     else
        vec = OPENSSL_ia32_cpuid();

+

     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference

diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index 1761f6b6687908cce502f55358ada33739edd8d3..d26f9630eade8a69e59def9922b84615bfcbbe8c 100644 (file)
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];

-void OPENSSL_showfatal(const char *,...);
+void OPENSSL_showfatal(const char *fmta,...);

 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 6aeda0a9ace31b4cec2d817745045eae0bc471b9..61605769bb2b3d2016d156ee5f39f27aed832d24 100644 (file)
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                    long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
                                    long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);

-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);

 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);

-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);

 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                           int line);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                           int line);

diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index d3e69ca8b586f20c0a7ebf49e37924c953b01c3a..da4d62e1128732e396d8778f35f45f9fe84f4d8d 100644 (file)
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -63,9 +63,8 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */

-#include "des_locl.h"
-

 #include <openssl/crypto.h>
 #include <openssl/crypto.h>

+#include "des_locl.h"

 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)  /* defaults to false */
 
 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)  /* defaults to false */
 

diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index 9c2054bda6b9da92351d3d1a37dac671dcf0c25b..1077f99d1b27d51eb5693f40b94fae169f650e1b 100644 (file)
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

-#include "des_locl.h"

 #include <openssl/crypto.h>
 #include <openssl/crypto.h>

+#include "des_locl.h"

 
 void DES_string_to_key(const char *str, DES_cblock *key)
        {
 
 void DES_string_to_key(const char *str, DES_cblock *key)
        {

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 9d01325af33b9387d5432eb46de0a9b679649b1c..126fc143d73bd03e87beb08af7a3078136efe3a6 100644 (file)
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 

-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);

 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 

-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);

 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 


@@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 

-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);

 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object


@@ -800,16 +800,16 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);

-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);

 /* functions to set/get method specific data  */
 /* functions to set/get method specific data  */

-void *EC_KEY_get_key_method_data(EC_KEY *, 
+void *EC_KEY_get_key_method_data(EC_KEY *key, 

        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,

        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */

-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);

 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index d1ed66c37e76e5683cb976fe961cea32b3da892d..66ee397d86c4137af00ba1c5966137f1fa4be367 100644 (file)
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
        pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
 
 
        pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
 

-       /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+       /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is

         * not an error, the result is truncated.
         */
 
         * not an error, the result is truncated.
         */
 

diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
index 079e47431b4f823dc644d2f4ae61826ed4f89fc5..f04f132c7ad689a444d539f7d3cdee185af52f83 100644 (file)
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
@@ -114,7 +114,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_mont_field_decode,
                ec_GFp_mont_field_set_to_one };
 
                ec_GFp_mont_field_decode,
                ec_GFp_mont_field_set_to_one };
 

-

        return &ret;
 #endif
        }
        return &ret;
 #endif
        }

diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index f107782de006dff0c64aeef652ac996acad6c247..102eaa9b2326f94102eb68de7f6fce013172682f 100644 (file)
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group)
        }
 
 static void prime_field_tests(void)
        }
 
 static void prime_field_tests(void)

-       {       
+       {

        BN_CTX *ctx = NULL;
        BIGNUM *p, *a, *b;
        EC_GROUP *group;
        BN_CTX *ctx = NULL;
        BIGNUM *p, *a, *b;
        EC_GROUP *group;

diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c
index f44da9298b5e5655a103f9b1646fcf969b76640f..2988899ea2ab0ec80589553e1637293f29932d14 100644 (file)
--- a/crypto/ecdh/ech_key.c
+++ b/crypto/ecdh/ech_key.c
@@ -68,9 +68,6 @@
  */
 
 #include "ech_locl.h"
  */
 
 #include "ech_locl.h"

-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif

 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
        EC_KEY *eckey,
 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
        EC_KEY *eckey,

diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index bd8946d8ba0fda0614b061dc10bff314d552f8d4..edafdc0c176637b2df0ad40dd917c254393c81ee 100644 (file)
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -95,6 +95,9 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>

+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif

 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>


@@ -104,10 +107,6 @@
 #endif
 #include <openssl/comp.h>
 
 #endif
 #include <openssl/comp.h>
 

-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-

 void ERR_load_crypto_strings(void)
        {
 #ifndef OPENSSL_NO_ERR
 void ERR_load_crypto_strings(void)
        {
 #ifndef OPENSSL_NO_ERR


@@ -153,6 +152,9 @@ void ERR_load_crypto_strings(void)
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();

+#ifdef OPENSSL_FIPS
+       ERR_load_FIPS_strings();
+#endif

 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif


@@ -160,8 +162,5 @@ void ERR_load_crypto_strings(void)
        ERR_load_JPAKE_strings();
 #endif
        ERR_load_COMP_strings();
        ERR_load_JPAKE_strings();
 #endif
        ERR_load_COMP_strings();

-#endif
-#ifdef OPENSSL_FIPS
-       ERR_load_FIPS_strings();

 #endif
        }
 #endif
        }

diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index 0fe1b96bff45209fb4e43bbf8134151d4680f5cb..a6ae5b3b0349294e73b8d0909a8dcf14e0c3f6a2 100644 (file)
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -67,7 +67,7 @@ files:
 links:
        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 links:
        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-       cp $(TESTDATA) ../../test
+       [ ! -f $(TESTDATA) ] || cp $(TESTDATA) ../../test

        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 467e6b5ae9cf930775fd8e21c192294a5f2cfab7..6fc469f9c452f9b9a7e43e88a8592189a259896d 100644 (file)
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        return FIPS_digestfinal(ctx, md, size);
 #else
        int ret;
        return FIPS_digestfinal(ctx, md, size);
 #else
        int ret;

+

        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
        ret=ctx->digest->final(ctx,md);
        if (size != NULL)
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
        ret=ctx->digest->final(ctx,md);
        if (size != NULL)

diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 710fb79baf456f6865402f2673777d9f8a86d4ef..a5034d72c0f2d099d350f9bd33c5e30b9a919c38 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -58,7 +58,6 @@
 #include <openssl/objects.h>
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/objects.h>
 #include <openssl/aes.h>
 #include <openssl/sha.h>

-#include "evp_locl.h"

 
 #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #define EVP_CIPH_FLAG_AEAD_CIPHER      0x200000
 
 #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #define EVP_CIPH_FLAG_AEAD_CIPHER      0x200000

diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index b4f6bda82d4026ffabbc8d17eb8da76db5600435..8b5175e0fdc8a3e79639cb615404c162cc614b86 100644 (file)
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -62,7 +62,6 @@
 #ifndef OPENSSL_NO_RC4
 
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_RC4
 
 #include <openssl/evp.h>

-#include "evp_locl.h"

 #include <openssl/objects.h>
 #include <openssl/rc4.h>
 
 #include <openssl/objects.h>
 #include <openssl/rc4.h>
 

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 0d1b20a7d38a7353ae9413fcda868fb4f0db03fb..293a52b6e7185f8d6cb9f2518027a59eccad9f5c 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -402,7 +402,6 @@ struct evp_cipher_st
 /* Length of tag for TLS */
 #define EVP_GCM_TLS_TAG_LEN                            16
 
 /* Length of tag for TLS */
 #define EVP_GCM_TLS_TAG_LEN                            16
 

-

 typedef struct evp_cipher_info_st
        {
        const EVP_CIPHER *cipher;
 typedef struct evp_cipher_info_st
        {
        const EVP_CIPHER *cipher;


@@ -789,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);

-const EVP_CIPHER *EVP_aes_128_gcm(void);

 const EVP_CIPHER *EVP_aes_128_ccm(void);
 const EVP_CIPHER *EVP_aes_128_ccm(void);

+const EVP_CIPHER *EVP_aes_128_gcm(void);

 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);


@@ -800,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);

-const EVP_CIPHER *EVP_aes_192_gcm(void);

 const EVP_CIPHER *EVP_aes_192_ccm(void);
 const EVP_CIPHER *EVP_aes_192_ccm(void);

+const EVP_CIPHER *EVP_aes_192_gcm(void);

 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);


@@ -810,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);

-const EVP_CIPHER *EVP_aes_256_gcm(void);

 const EVP_CIPHER *EVP_aes_256_ccm(void);
 const EVP_CIPHER *EVP_aes_256_ccm(void);

+const EVP_CIPHER *EVP_aes_256_gcm(void);

 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);

diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index 4ad63ada6fe228c859eccbac137c63f5c3d1d218..6fb7e9a8610517cba6ef88677ff4f0c8eb285dab 100644 (file)
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>

-#include <openssl/x509.h>
+#include <openssl/sha.h>

 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif

diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index f80170efeb98404e446ac24ac5ffbd1ce5e08267..2df362a6701f6b25571df07bcd1543142b6432a6 100644 (file)
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>

-#include <openssl/x509.h>
+#include <openssl/sha.h>

 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif

diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
index 6d47f61b274595fbe1c167abda1dfa81bdc31a45..1e0b7c5b424ef615516110bae37ee89d4c654cab 100644 (file)
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -69,8 +69,6 @@
 #include <openssl/rsa.h>
 #endif
 
 #include <openssl/rsa.h>
 #endif
 

-#include "evp_locl.h"
-

 static int init(EVP_MD_CTX *ctx)
        { return MD4_Init(ctx->md_data); }
 
 static int init(EVP_MD_CTX *ctx)
        { return MD4_Init(ctx->md_data); }
 

diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index 9a8bae025803bcc220f6156ab24b131625000592..63c142119ebd76f6b06f0416f62e4b3efabc902e 100644 (file)
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -68,7 +68,6 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif

-#include "evp_locl.h"

 
 static int init(EVP_MD_CTX *ctx)
        { return MD5_Init(ctx->md_data); }
 
 static int init(EVP_MD_CTX *ctx)
        { return MD5_Init(ctx->md_data); }

diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
index 3602bed316a45e98fe429d4a4119b730607ac7dd..b08d5598039316478efb565a8854ca5655f74bee 100644 (file)
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -69,8 +69,6 @@
 #include <openssl/rsa.h>
 #endif
 
 #include <openssl/rsa.h>
 #endif
 

-#include "evp_locl.h"
-

 static int init(EVP_MD_CTX *ctx)
        { return MDC2_Init(ctx->md_data); }
 
 static int init(EVP_MD_CTX *ctx)
        { return MDC2_Init(ctx->md_data); }
 

diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
index 7bf4804cf88840bb35c48a99933726803e0dace9..a1d60ee78d281fb643901747302b4988a3dfcea7 100644 (file)
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -68,7 +68,6 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif

-#include "evp_locl.h"

 
 static int init(EVP_MD_CTX *ctx)
        { return RIPEMD160_Init(ctx->md_data); }
 
 static int init(EVP_MD_CTX *ctx)
        { return RIPEMD160_Init(ctx->md_data); }

diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
index 8769cdd42fdae949e3e5d51f4fa78f0a08534ebe..acccc8f92d8e13b9cd5d50f45780f64ccc145470 100644 (file)
--- a/crypto/evp/m_sha.c
+++ b/crypto/evp/m_sha.c
@@ -67,7 +67,6 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif

-#include "evp_locl.h"

 
 static int init(EVP_MD_CTX *ctx)
        { return SHA_Init(ctx->md_data); }
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA_Init(ctx->md_data); }

diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 3cb11f1ebb1f3ca28cd21821f5f7612be416ee5b..bd0c01ad3c4615902a541d16408a24232a48e20d 100644 (file)
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -65,7 +65,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>

-#include <openssl/x509.h>
+#include <openssl/sha.h>

 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif

diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
index c51bc2d5d1eed3f355dca8e7f7a31b3fce4a4f8c..1ce47c040bcc01fba93c972bfbbfcd467f7324eb 100644 (file)
--- a/crypto/evp/m_wp.c
+++ b/crypto/evp/m_wp.c
@@ -9,7 +9,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/whrlpool.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/whrlpool.h>

-#include "evp_locl.h"

 
 static int init(EVP_MD_CTX *ctx)
        { return WHIRLPOOL_Init(ctx->md_data); }
 
 static int init(EVP_MD_CTX *ctx)
        { return WHIRLPOOL_Init(ctx->md_data); }

diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index dfa48c157cf5b6db223cfdc0e4c5abb42d208c4e..8afb664306e908e896249f6a70bcbd6cdfe6c4e5 100644 (file)
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
        {
        unsigned char m[EVP_MAX_MD_SIZE];
        unsigned int m_len;
        {
        unsigned char m[EVP_MAX_MD_SIZE];
        unsigned int m_len;

-       int i=0,ok=0,v;
+       int i = 0,ok = 0,v;

        EVP_MD_CTX tmp_ctx;
        EVP_PKEY_CTX *pkctx = NULL;
 
        EVP_MD_CTX tmp_ctx;
        EVP_PKEY_CTX *pkctx = NULL;
 

diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 5f5c409f45fca40c4eead26101ec2dcff473172a..c66d63ccf8597ebf1721551dfa1fb082c93d304e 100644 (file)
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
        {
        unsigned char m[EVP_MAX_MD_SIZE];
        unsigned int m_len;
        {
        unsigned char m[EVP_MAX_MD_SIZE];
        unsigned int m_len;

-       int i=-1,ok=0,v;
+       int i = 0,ok = 0,v;

        EVP_MD_CTX tmp_ctx;
        EVP_PKEY_CTX *pkctx = NULL;
 
        EVP_MD_CTX tmp_ctx;
        EVP_PKEY_CTX *pkctx = NULL;
 

diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
index afb830964df305ab31d6520cc01add13d7df68fd..2debbc12336bd73f52f5fea6e1079fcfe2d7d6ab 100644 (file)
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -56,7 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

-#include <openssl/crypto.h>

 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 

diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
index b74bb1a759444268e88a22d0b76f0cd39cc61a68..d66ed6a1c6a388ea19fedbbcf7d75b30e80ec65a 100644 (file)
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

+#include <openssl/crypto.h>

 #include <openssl/des.h>
 #include <openssl/mdc2.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>

-#include <openssl/crypto.h>

 
 #undef c2l
 #define c2l(c,l)       (l =((DES_LONG)(*((c)++)))    , \
 
 #undef c2l
 #define c2l(c,l)       (l =((DES_LONG)(*((c)++)))    , \

diff --git a/crypto/mem.c b/crypto/mem.c
index 21c0011380830d647571a148707d16660d435354..1cc62eafd1221387fb000118d12449c2938a380a 100644 (file)
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 

-

 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
        void (*f)(void *))
        {
 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
        void (*f)(void *))
        {

+       /* Dummy call just to ensure OPENSSL_init() gets linked in */

        OPENSSL_init();
        if (!allow_customize)
                return 0;
        OPENSSL_init();
        if (!allow_customize)
                return 0;

diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
index 6b09669d474abbc55c8643b4460f0b6de770eab6..83c727e07f951764e1fa6f818733f4ba9eb12f04 100644 (file)
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
@@ -635,7 +635,7 @@ sub mmx_loop() {
     { my @lo  = ("mm0","mm1","mm2");
       my @hi  = ("mm3","mm4","mm5");
       my @tmp = ("mm6","mm7");
     { my @lo  = ("mm0","mm1","mm2");
       my @hi  = ("mm3","mm4","mm5");
       my @tmp = ("mm6","mm7");

-      my $off1=0,$off2=0,$i;
+      my ($off1,$off2,$i) = (0,0,);

 
       &add     ($Htbl,128);                    # optimize for size
       &lea     ("edi",&DWP(16+128,"esp"));
 
       &add     ($Htbl,128);                    # optimize for size
       &lea     ("edi",&DWP(16+128,"esp"));


@@ -883,7 +883,7 @@ sub reduction_alg9 {        # 17/13 times faster than Intel version
 my ($Xhi,$Xi) = @_;
 
        # 1st phase
 my ($Xhi,$Xi) = @_;
 
        # 1st phase

-       &movdqa         ($T1,$Xi)               #
+       &movdqa         ($T1,$Xi);              #

        &psllq          ($Xi,1);
        &pxor           ($Xi,$T1);              #
        &psllq          ($Xi,5);                #
        &psllq          ($Xi,1);
        &pxor           ($Xi,$T1);              #
        &psllq          ($Xi,5);                #


@@ -1019,7 +1019,7 @@ my ($Xhi,$Xi) = @_;
        &movdqa         ($Xhn,$Xn);
         &pxor          ($Xhi,$T1);             # "Ii+Xi", consume early
 
        &movdqa         ($Xhn,$Xn);
         &pxor          ($Xhi,$T1);             # "Ii+Xi", consume early
 

-         &movdqa       ($T1,$Xi)               #&reduction_alg9($Xhi,$Xi); 1st phase
+         &movdqa       ($T1,$Xi);              #&reduction_alg9($Xhi,$Xi); 1st phase

          &psllq        ($Xi,1);
          &pxor         ($Xi,$T1);              #
          &psllq        ($Xi,5);                #
          &psllq        ($Xi,1);
          &pxor         ($Xi,$T1);              #
          &psllq        ($Xi,5);                #

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 7d6d03497027e7dcac88ae53e482a9319155610a..ec6c1b30b2c9a0f5bc21a7a30060f1a7342ed58c 100644 (file)
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -723,7 +723,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
 #  endif
        gcm_init_4bit(ctx->Htable,ctx->H.u);
 #  if  defined(GHASH_ASM_X86)                  /* x86 only */
 #  endif
        gcm_init_4bit(ctx->Htable,ctx->H.u);
 #  if  defined(GHASH_ASM_X86)                  /* x86 only */

-#   if defined(OPENSSL_IA32_SSE2)
+#   if defined(OPENSSL_IA32_SSE2)

        if (OPENSSL_ia32cap_P[0]&(1<<25)) {     /* check SSE bit */
 #   else
        if (OPENSSL_ia32cap_P[0]&(1<<23)) {     /* check MMX bit */
        if (OPENSSL_ia32cap_P[0]&(1<<25)) {     /* check SSE bit */
 #   else
        if (OPENSSL_ia32cap_P[0]&(1<<23)) {     /* check MMX bit */

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index cfc89a992155416d949fb151d12eb0febdc9a2de..5a421fc4b6ae817ea79c75fed04d035a5270bc62 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */

-               EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+               if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+                       goto err;

 
                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
 
                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 


@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                /* k=strlen(buf); */
 
                EVP_CIPHER_CTX_init(&ctx);
                /* k=strlen(buf); */
 
                EVP_CIPHER_CTX_init(&ctx);

-               EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-               EVP_EncryptUpdate(&ctx,data,&j,data,i);
-               EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+               ret = 1;
+               if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+                       || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+                       || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+                       ret = 0;

                EVP_CIPHER_CTX_cleanup(&ctx);
                EVP_CIPHER_CTX_cleanup(&ctx);

+               if (ret == 0)
+                       goto err;

                i+=j;
                i+=j;

-               ret=1;

                }
        else
                {
                }
        else
                {


@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
        ebcdic2ascii(buf, buf, klen);
 #endif
 
        ebcdic2ascii(buf, buf, klen);
 #endif
 

-       EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-               (unsigned char *)buf,klen,1,key,NULL);
+       if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+               (unsigned char *)buf,klen,1,key,NULL))
+               return 0;

 
        j=(int)len;
        EVP_CIPHER_CTX_init(&ctx);
 
        j=(int)len;
        EVP_CIPHER_CTX_init(&ctx);

-       EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-       EVP_DecryptUpdate(&ctx,data,&i,data,j);
-       o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+       o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+       if (o)
+               o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+       if (o)
+               o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);

        EVP_CIPHER_CTX_cleanup(&ctx);
        OPENSSL_cleanse((char *)buf,sizeof(buf));
        OPENSSL_cleanse((char *)key,sizeof(key));
        EVP_CIPHER_CTX_cleanup(&ctx);
        OPENSSL_cleanse((char *)buf,sizeof(buf));
        OPENSSL_cleanse((char *)key,sizeof(key));

diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index 59690b56aeee0e67da9039d3b38dbbc1d170ebe7..b6b4e13498eb671df935d133335524662844a9c2 100644 (file)
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
        EVP_EncodeInit(&ctx->encode);
 
        EVP_MD_CTX_init(&ctx->md);
        EVP_EncodeInit(&ctx->encode);
 
        EVP_MD_CTX_init(&ctx->md);

-       EVP_SignInit(&ctx->md,md_type);
+       if (!EVP_SignInit(&ctx->md,md_type))
+               goto err;

 
        EVP_CIPHER_CTX_init(&ctx->cipher);
        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
 
        EVP_CIPHER_CTX_init(&ctx->cipher);
        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);


@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                goto err;
                }
 
                goto err;
                }
 

-       EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+       if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+               goto err;

        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
        *outl=j;
        out+=j;
        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
        *outl=j;
        out+=j;

diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
index 6fc2510905befc7701506e51aea5b523778cc795..24561e759aba6812c1e42a18250aaf606e30b2a7 100644 (file)
--- a/crypto/perlasm/cbc.pl
+++ b/crypto/perlasm/cbc.pl
@@ -150,7 +150,7 @@ sub cbc
 &set_label("PIC_point");
        &blindpop("edx");
        &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
 &set_label("PIC_point");
        &blindpop("edx");
        &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));

-       &mov($count,&DWP(0,"ecx",$count,4))
+       &mov($count,&DWP(0,"ecx",$count,4));

        &add($count,"edx");
        &xor("ecx","ecx");
        &xor("edx","edx");
        &add($count,"edx");
        &xor("ecx","ecx");
        &xor("edx","edx");

diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
index 96b1b73e1a3a25d8612da13196e637eeed4c566a..f937d07c87dfb956cd60010c871e67e456f31dcb 100644 (file)
--- a/crypto/perlasm/x86masm.pl
+++ b/crypto/perlasm/x86masm.pl
@@ -33,6 +33,7 @@ sub ::generic
 sub ::call     { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
 sub ::call_ptr { &::emit("call",@_);   }
 sub ::jmp_ptr  { &::emit("jmp",@_);    }
 sub ::call     { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
 sub ::call_ptr { &::emit("call",@_);   }
 sub ::jmp_ptr  { &::emit("jmp",@_);    }

+sub ::lock     { &::data_byte(0xf0);   }

 
 sub get_mem
 { my($size,$addr,$reg1,$reg2,$idx)=@_;
 
 sub get_mem
 { my($size,$addr,$reg1,$reg2,$idx)=@_;

diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index c55c7b60b34323a65c3e6a888619287baa3f1c15..61d58502fd185afaf282e155735a4a56a38499d1 100644 (file)
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -176,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                out += u;
                for (j = 0; j < v; j++) B[j] = Ai[j % u];
                /* Work out B + 1 first then can use B as tmp space */
                out += u;
                for (j = 0; j < v; j++) B[j] = Ai[j % u];
                /* Work out B + 1 first then can use B as tmp space */

-               if (!BN_bin2bn (B, v, Bpl1)) goto err;
-               if (!BN_add_word (Bpl1, 1)) goto err;
+               if (!BN_bin2bn (B, v, Bpl1))
+                       goto err;
+               if (!BN_add_word (Bpl1, 1))
+                       goto err;

                for (j = 0; j < Ilen ; j+=v) {
                for (j = 0; j < Ilen ; j+=v) {

-                       if (!BN_bin2bn (I + j, v, Ij)) goto err;
-                       if (!BN_add (Ij, Ij, Bpl1)) goto err;
-                       BN_bn2bin (Ij, B);
+                       if (!BN_bin2bn(I + j, v, Ij))
+                               goto err;
+                       if (!BN_add(Ij, Ij, Bpl1))
+                               goto err;
+                       if (!BN_bn2bin(Ij, B))
+                               goto err;

                        Ijlen = BN_num_bytes (Ij);
                        /* If more than 2^(v*8) - 1 cut off MSB */
                        if (Ijlen > v) {
                        Ijlen = BN_num_bytes (Ij);
                        /* If more than 2^(v*8) - 1 cut off MSB */
                        if (Ijlen > v) {

-                               BN_bn2bin (Ij, B);
+                               if (!BN_bn2bin (Ij, B))
+                                       goto err;

                                memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                        /* If less than v bytes pad with zeroes */
                        } else if (Ijlen < v) {
                                memset(I + j, 0, v - Ijlen);
                                memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                        /* If less than v bytes pad with zeroes */
                        } else if (Ijlen < v) {
                                memset(I + j, 0, v - Ijlen);

-                               BN_bn2bin(Ij, I + j + v - Ijlen); 
+                               if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+                                       goto err;

 #endif
 #endif

-                       } else BN_bn2bin (Ij, I + j);
+                       } else if (!BN_bn2bin (Ij, I + j))
+                               goto err;

                }
        }
 
                }
        }
 

diff --git a/crypto/pkcs7/bio_pk7.c b/crypto/pkcs7/bio_pk7.c
index c8d06d6cdc83e39eeea23f1f5eeb89ec8a8dd1b4..0fd31e730ffab582f6dcb5ae06a416f2eaaf0657 100644 (file)
--- a/crypto/pkcs7/bio_pk7.c
+++ b/crypto/pkcs7/bio_pk7.c
@@ -56,7 +56,7 @@
 #include <openssl/pkcs7.h>
 #include <openssl/bio.h>
 
 #include <openssl/pkcs7.h>
 #include <openssl/bio.h>
 

-#ifndef OPENSSL_SYSNAME_NETWARE
+#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)

 #include <memory.h>
 #endif
 #include <stdio.h>
 #include <memory.h>
 #endif
 #include <stdio.h>

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index fcdd3f2a845feeedd724a59706ea3d2c9243ad37..1e3bcb9bc426a7580b3926bedc0b3ba4a9e259aa 100644 (file)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -123,10 +123,10 @@
 
 #include "e_os.h"
 
 
 #include "e_os.h"
 

+#include <openssl/crypto.h>

 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 

-#include <openssl/crypto.h>

 #include <openssl/err.h>
 
 #ifdef BN_DEBUG
 #include <openssl/err.h>
 
 #ifdef BN_DEBUG

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index daf1dab9739590e409d7044aafd9e08c210accd2..89c8a38146605feacefd163b607e7d0fc358e72c 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -235,14 +235,12 @@ static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
 static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
                                double entropy)
        {
 static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
                                double entropy)
        {

-       RAND_SSLeay()->add(in, inlen, entropy);
-       return 1;
+       return RAND_SSLeay()->add(in, inlen, entropy);

        }
 
 static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
        {
        }
 
 static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
        {

-       RAND_SSLeay()->seed(in, inlen);
-       return 1;
+       return RAND_SSLeay()->seed(in, inlen);

        }
 
 #ifndef OPENSSL_DRBG_DEFAULT_TYPE
        }
 
 #ifndef OPENSSL_DRBG_DEFAULT_TYPE

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 030e07f41826f67a5c691520138b20c302166c9b..7f1428072d27d612b2345353a7c408a68b9d1df7 100644 (file)
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -57,7 +57,9 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */

+#if !defined(OPENSSL_SYS_VXWORKS)

 #define _XOPEN_SOURCE 500
 #define _XOPEN_SOURCE 500

+#endif

 
 #include <errno.h>
 #include <stdio.h>
 
 #include <errno.h>
 #include <stdio.h>

diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
index 6668ac011f0d1291c8106b343142e455a42dcb97..065b2fd16e9ddd76a8bea1f1c5afb7bbe9c274dc 100644 (file)
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -56,7 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

-#include <openssl/crypto.h>

 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 4814a2fc15e879197f306accae3edf11b9a3ca84..5f269e577af498c6d7f43f618e9113ac5b467dd9 100644 (file)
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -280,7 +280,7 @@ struct rsa_st
 
 RSA *  RSA_new(void);
 RSA *  RSA_new_method(ENGINE *engine);
 
 RSA *  RSA_new(void);
 RSA *  RSA_new_method(ENGINE *engine);

-int    RSA_size(const RSA *);
+int    RSA_size(const RSA *rsa);

 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED

diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 2e1ddd48d35b0ff08432f8e3ba9c1394ed5b7911..88ee2cb557f0130e3031734d6e5855dc964560dd 100644 (file)
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
        if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
        /* If p < q it is occasionally possible for the correction of
        if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
        /* If p < q it is occasionally possible for the correction of

-         * adding 'p' if r0 is negative above to leave the result still
+        * adding 'p' if r0 is negative above to leave the result still

         * negative. This can break the private key operations: the following
         * second correction should *always* correct this rare occurrence.
         * This will *never* happen with OpenSSL generated keys because
         * negative. This can break the private key operations: the following
         * second correction should *always* correct this rare occurrence.
         * This will *never* happen with OpenSSL generated keys because

-         * they ensure p > q [steve]
-         */
+        * they ensure p > q [steve]
+        */

        if (BN_is_negative(r0))
                if (!BN_add(r0,r0,rsa->p)) goto err;
        if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
        if (BN_is_negative(r0))
                if (!BN_add(r0,r0,rsa->p)) goto err;
        if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;

diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c
index 3e675a8d75515206c89e115f376d674e08a05ca6..6e1a6b9c702f70d44ca78134ee3b2fe0a4702a5a 100644 (file)
--- a/crypto/seed/seed.c
+++ b/crypto/seed/seed.c
@@ -32,7 +32,6 @@
 #include <memory.h>
 #endif
 
 #include <memory.h>
 #endif
 

-#include <openssl/crypto.h>

 #include <openssl/seed.h>
 #include "seed_locl.h"
 
 #include <openssl/seed.h>
 #include "seed_locl.h"
 

diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl
index db28f0805a11c568e468d2cb7d8a46280c70237c..02d35d1614c1341f464f1aba3a6a9590a9c01248 100644 (file)
--- a/crypto/sha/asm/sha1-ia64.pl
+++ b/crypto/sha/asm/sha1-ia64.pl
@@ -271,7 +271,8 @@ tmp6=loc13;
 
 ___
 
 
 ___
 

-{ my $i,@V=($A,$B,$C,$D,$E);
+{ my $i;
+  my @V=($A,$B,$C,$D,$E);

 
        for($i=0;$i<16;$i++)    { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
        for(;$i<20;$i++)        { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
 
        for($i=0;$i<16;$i++)    { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
        for(;$i<20;$i++)        { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }

diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
index 85e8d68086bb700855ec3fedb5b17fba4a7a1464..e65291bbd9791fe7c990cd45c51c01fa30988dde 100644 (file)
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/sha/asm/sha1-sparcv9a.pl
@@ -549,7 +549,7 @@ ___
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {
 my ($mnemonic,$rs1,$rs2,$rd)=@_;
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {
 my ($mnemonic,$rs1,$rs2,$rd)=@_;

-my $ref,$opf;
+my ($ref,$opf);

 my %visopf = ( "fmul8ulx16"    => 0x037,
                "faligndata"    => 0x048,
                "fpadd32"       => 0x052,
 my %visopf = ( "fmul8ulx16"    => 0x037,
                "faligndata"    => 0x048,
                "fpadd32"       => 0x052,

diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
index 5b9f3337add34697ff4d0eaf728d1c7d5a0f047a..7eab6a5b88b245e85b96e08a4e85bec7ea1220ad 100644 (file)
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
@@ -142,9 +142,9 @@ sub BODY_00_15_x86 {
        &mov    ("edx",$Ehi);
        &mov    ("esi","ecx");
 
        &mov    ("edx",$Ehi);
        &mov    ("esi","ecx");
 

-       &shr    ("ecx",9)       # lo>>9
+       &shr    ("ecx",9);      # lo>>9

        &mov    ("edi","edx");
        &mov    ("edi","edx");

-       &shr    ("edx",9)       # hi>>9
+       &shr    ("edx",9);      # hi>>9

        &mov    ("ebx","ecx");
        &shl    ("esi",14);     # lo<<14
        &mov    ("eax","edx");
        &mov    ("ebx","ecx");
        &shl    ("esi",14);     # lo<<14
        &mov    ("eax","edx");


@@ -207,9 +207,9 @@ sub BODY_00_15_x86 {
        &mov    ($Dhi,"ebx");
        &mov    ("esi","ecx");
 
        &mov    ($Dhi,"ebx");
        &mov    ("esi","ecx");
 

-       &shr    ("ecx",2)       # lo>>2
+       &shr    ("ecx",2);      # lo>>2

        &mov    ("edi","edx");
        &mov    ("edi","edx");

-       &shr    ("edx",2)       # hi>>2
+       &shr    ("edx",2);      # hi>>2

        &mov    ("ebx","ecx");
        &shl    ("esi",4);      # lo<<4
        &mov    ("eax","edx");
        &mov    ("ebx","ecx");
        &shl    ("esi",4);      # lo<<4
        &mov    ("eax","edx");


@@ -452,9 +452,9 @@ if ($sse2) {
        &mov    ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
        &mov    ("esi","ecx");
 
        &mov    ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
        &mov    ("esi","ecx");
 

-       &shr    ("ecx",1)       # lo>>1
+       &shr    ("ecx",1);      # lo>>1

        &mov    ("edi","edx");
        &mov    ("edi","edx");

-       &shr    ("edx",1)       # hi>>1
+       &shr    ("edx",1);      # hi>>1

        &mov    ("eax","ecx");
        &shl    ("esi",24);     # lo<<24
        &mov    ("ebx","edx");
        &mov    ("eax","ecx");
        &shl    ("esi",24);     # lo<<24
        &mov    ("ebx","edx");


@@ -488,9 +488,9 @@ if ($sse2) {
        &mov    ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
        &mov    ("esi","ecx");
 
        &mov    ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
        &mov    ("esi","ecx");
 

-       &shr    ("ecx",6)       # lo>>6
+       &shr    ("ecx",6);      # lo>>6

        &mov    ("edi","edx");
        &mov    ("edi","edx");

-       &shr    ("edx",6)       # hi>>6
+       &shr    ("edx",6);      # hi>>6

        &mov    ("eax","ecx");
        &shl    ("esi",3);      # lo<<3
        &mov    ("ebx","edx");
        &mov    ("eax","ecx");
        &shl    ("esi",3);      # lo<<3
        &mov    ("ebx","edx");

diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index 7c65b60276cdb85115fa7447dbb00ce28cda90cf..c56ec94020e180600f534e68c3402839ca330a79 100644 (file)
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <string.h>
 
 #include <stdio.h>
 #include <string.h>

-#include <openssl/sha.h>

 #include <openssl/crypto.h>
 #include <openssl/crypto.h>

+#include <openssl/sha.h>

 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)

diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 81219af08834830ccb02b313336e7e61be253cdd..a98690225fdc1081d3a369b34c8ffadefa83cc96 100644 (file)
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

-#include <openssl/opensslconf.h>

 #include <openssl/crypto.h>
 #include <openssl/crypto.h>

+#include <openssl/opensslconf.h>

 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0

diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
index c946ad827d586e121e2dd01de38b1fb48addbd17..fb63b17ff2c3baddd9637814b5a62825f2fff495 100644 (file)
--- a/crypto/sha/sha_dgst.c
+++ b/crypto/sha/sha_dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

-#include <openssl/opensslconf.h>

 #include <openssl/crypto.h>
 #include <openssl/crypto.h>

+#include <openssl/opensslconf.h>

 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_1
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_1

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index c8be907d7f7f55826a6ed69e92408894a2655a4b..4a3d13edf6cbf4482e007a060267d9702b73f3b3 100644 (file)
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -390,7 +390,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
                }
        for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
                {
                }
        for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
                {

-               pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i);
+               pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);

                if (pp[DB_srptype][0] == DB_SRP_INDEX)
                        {
                        /*we add this couple in the internal Stack */
                if (pp[DB_srptype][0] == DB_SRP_INDEX)
                        {
                        /*we add this couple in the internal Stack */


@@ -581,7 +581,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
        if (*salt == NULL)
                {
                char *tmp_salt;
        if (*salt == NULL)
                {
                char *tmp_salt;

-               if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+
+               if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)

                        {
                        OPENSSL_free(vf);
                        goto err;
                        {
                        OPENSSL_free(vf);
                        goto err;

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 5832a73cf59ab979744642b530c2531242746f43..a38c7581e6a0ca10376d05fc9994f4c74a41128a 100644 (file)
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -122,9 +122,15 @@
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */

+#if defined(OPENSSL_SYSNAME_VXWORKS)
+#include <sys/types.h>
+#endif
+

 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)

+#ifndef _POSIX_C_SOURCE

 #define _POSIX_C_SOURCE 2
 #endif
 #define _POSIX_C_SOURCE 2
 #endif

+#endif

 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>

diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
index 32cf16380b54d39aea6ff7ed5a3b40fae6f2ec7c..cb2381c22ba12aed4a9411bb181b7e16e30ec45d 100644 (file)
--- a/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/whrlpool/asm/wp-mmx.pl
@@ -119,7 +119,7 @@ $tbl="ebp";
        &mov    ("eax",&DWP(0,"esp"));
        &mov    ("ebx",&DWP(4,"esp"));
 for($i=0;$i<8;$i++) {
        &mov    ("eax",&DWP(0,"esp"));
        &mov    ("ebx",&DWP(4,"esp"));
 for($i=0;$i<8;$i++) {

-    my $func = ($i==0)? movq : pxor;
+    my $func = ($i==0)? \&movq : \&pxor;

        &movb   (&LB("ecx"),&LB("eax"));
        &movb   (&LB("edx"),&HB("eax"));
        &scale  ("esi","ecx");
        &movb   (&LB("ecx"),&LB("eax"));
        &movb   (&LB("edx"),&HB("eax"));
        &scale  ("esi","ecx");

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 7c2aaee2e9a2a81264f3d1e67dbe59adfd9ed48a..352aa374343b930eab79549ea35922350654c946 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 
        EVP_MD_CTX_init(&ctx);
        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
 
        EVP_MD_CTX_init(&ctx);
        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);

-       ret=strlen(f);

        if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                goto err;
        if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                goto err;

-       if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+       if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))

                goto err;
        OPENSSL_free(f);
        if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
                goto err;
        OPENSSL_free(f);
        if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,


@@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
        i2d_X509_NAME(x,NULL);
        EVP_MD_CTX_init(&md_ctx);
        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        i2d_X509_NAME(x,NULL);
        EVP_MD_CTX_init(&md_ctx);
        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

-       EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-       EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-       EVP_DigestFinal_ex(&md_ctx,md,NULL);
+       if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+           && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+           && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+               ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                    ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                    )&0xffffffffL;

        EVP_MD_CTX_cleanup(&md_ctx);
 
        EVP_MD_CTX_cleanup(&md_ctx);
 

-       ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-               ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-               )&0xffffffffL;

        return(ret);
        }
 #endif
        return(ret);
        }
 #endif

diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
index 39fd8f22931d0b0f191b10cf52e1dc2f5d61bbfd..c18b0e2486d6ead7578d88a0cb227995b93eb67f 100644 (file)
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -165,7 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &jnz    (&label("nohalt"));     # not enough privileges
 
        &pushf  ();
        &jnz    (&label("nohalt"));     # not enough privileges
 
        &pushf  ();

-       &pop    ("eax")
+       &pop    ("eax");

        &bt     ("eax",9);
        &jnc    (&label("nohalt"));     # interrupts are disabled
 
        &bt     ("eax",9);
        &jnc    (&label("nohalt"));     # interrupts are disabled
 


@@ -280,7 +280,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 #      arguments is 1 or 2!
 &function_begin_B("OPENSSL_indirect_call");
        {
 #      arguments is 1 or 2!
 &function_begin_B("OPENSSL_indirect_call");
        {

-       my $i,$max=7;           # $max has to be chosen as 4*n-1
+       my ($max,$i)=(7,);      # $max has to be chosen as 4*n-1

                                # in order to preserve eventual
                                # stack alignment
        &push   ("ebp");
                                # in order to preserve eventual
                                # stack alignment
        &push   ("ebp");

diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 5008bf608179cb444fac6f4e803994b4e63f9763..e65d5011915b45cf9097e87dbe35b9ac6401bd76 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -57,8 +57,8 @@
  *
  */
 
  *
  */
 

-#ifndef HEADER_DTLS1_H 
-#define HEADER_DTLS1_H 
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H

 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>


@@ -72,8 +72,12 @@
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else

+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else

 #include <sys/time.h>
 #endif
 #include <sys/time.h>
 #endif

+#endif

 
 #ifdef  __cplusplus
 extern "C" {
 
 #ifdef  __cplusplus
 extern "C" {

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index bc885e8e7f6dbc440001b025d8a3315df759152b..2cba426bb7efdef03b0407faa44145c012a9dee8 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -1059,10 +1059,12 @@ static int request_certificate(SSL *s)
                EVP_PKEY *pkey=NULL;
 
                EVP_MD_CTX_init(&ctx);
                EVP_PKEY *pkey=NULL;
 
                EVP_MD_CTX_init(&ctx);

-               EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
-               EVP_VerifyUpdate(&ctx,s->s2->key_material,
-                                s->s2->key_material_length);
-               EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+               if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
+                   || !EVP_VerifyUpdate(&ctx,s->s2->key_material,
+                                        s->s2->key_material_length)
+                   || !EVP_VerifyUpdate(&ctx,ccd,
+                                        SSL2_MIN_CERT_CHALLENGE_LENGTH))
+                       goto msg_end;

 
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
                buf2=OPENSSL_malloc((unsigned int)i);
 
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
                buf2=OPENSSL_malloc((unsigned int)i);


@@ -1073,7 +1075,11 @@ static int request_certificate(SSL *s)
                        }
                p2=buf2;
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
                        }
                p2=buf2;
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);

-               EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+               if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
+                       {
+                       OPENSSL_free(buf2);
+                       goto msg_end;
+                       }

                OPENSSL_free(buf2);
 
                pkey=X509_get_pubkey(x509);
                OPENSSL_free(buf2);
 
                pkey=X509_get_pubkey(x509);

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b63460a56ddd3edd56d55d5d1237baf27768e4a9..918da350e052b51405d29e5edbd2b350fe7cd316 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -204,7 +204,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */

-static void ssl3_take_mac(SSL *s) {
+static void ssl3_take_mac(SSL *s)
+       {

        const char *sender;
        int slen;
 
        const char *sender;
        int slen;
 


@@ -221,7 +222,7 @@ static void ssl3_take_mac(SSL *s) {
 
        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                sender,slen,s->s3->tmp.peer_finish_md);
 
        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                sender,slen,s->s3->tmp.peer_finish_md);

-}
+       }

 #endif
 
 int ssl3_get_finished(SSL *s, int a, int b)
 #endif
 
 int ssl3_get_finished(SSL *s, int a, int b)


@@ -231,8 +232,9 @@ int ssl3_get_finished(SSL *s, int a, int b)
        unsigned char *p;
 
 #ifdef OPENSSL_NO_NEXTPROTONEG
        unsigned char *p;
 
 #ifdef OPENSSL_NO_NEXTPROTONEG

-       /* the mac has already been generated when we received the change
-        * cipher spec message and is in s->s3->tmp.peer_finish_md. */
+       /* the mac has already been generated when we received the
+        * change cipher spec message and is in s->s3->tmp.peer_finish_md.
+        */ 

 #endif
 
        n=s->method->ssl_get_message(s,
 #endif
 
        n=s->method->ssl_get_message(s,


@@ -537,12 +539,14 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                s->init_num += i;
                n -= i;
                }
                s->init_num += i;
                n -= i;
                }

+

 #ifndef OPENSSL_NO_NEXTPROTONEG
        /* If receiving Finished, record MAC of prior handshake messages for
         * Finished verification. */
        if (*s->init_buf->data == SSL3_MT_FINISHED)
                ssl3_take_mac(s);
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
        /* If receiving Finished, record MAC of prior handshake messages for
         * Finished verification. */
        if (*s->init_buf->data == SSL3_MT_FINISHED)
                ssl3_take_mac(s);
 #endif

+

        /* Feed this message into MAC computation. */
        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
        if (s->msg_callback)
        /* Feed this message into MAC computation. */
        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
        if (s->msg_callback)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b80d052e1f5f011496379f4df191e9cd8f4a618b..7b4bc6304d3e391b7cda33029b8cacaab224f011 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -459,7 +459,6 @@ int ssl3_connect(SSL *s)
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
 
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
 

-

 #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                        s->state=SSL3_ST_CW_FINISHED_A;
 #else
 #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                        s->state=SSL3_ST_CW_FINISHED_A;
 #else

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index f71c03b58d52b7a4bffa1ea66c0654fdfe0d0617..dca345865a10a5fae10741e009676731181fc60d 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1239,7 +1239,7 @@ start:
                                goto f_err;
                                }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
                                goto f_err;
                                }
 #ifdef SSL_AD_MISSING_SRP_USERNAME

-                       if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                       else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)

                                return(0);
 #endif
                        }
                                return(0);
 #endif
                        }

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 118939fabb1ae4307432fb363a0fbdb2b0bb301b..38e1281db29653f2cd3282d75a656e037a637a2c 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -191,7 +191,8 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
                {
                if(s->srp_ctx.login == NULL)
                        {
                {
                if(s->srp_ctx.login == NULL)
                        {

-                       /* There isn't any srp login extension !!! */
+                       /* RFC 5054 says SHOULD reject, 
+                          we do so if There is no srp login name */

                        ret = SSL3_AL_FATAL;
                        *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
                        }
                        ret = SSL3_AL_FATAL;
                        *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
                        }


@@ -378,6 +379,7 @@ int ssl3_accept(SSL *s)
                                }
                        }
 #endif         
                                }
                        }
 #endif         

+                       

                        s->renegotiate = 2;
                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
                        s->init_num=0;
                        s->renegotiate = 2;
                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
                        s->init_num=0;

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 8b0c2a2dac4838ad181791cbe2417f5f1ccf0331..dcb8a62be85d5838de45234dcea9e7001f0dd20f 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -493,6 +493,9 @@ struct ssl_session_st
        char *psk_identity_hint;
        char *psk_identity;
 #endif
        char *psk_identity_hint;
        char *psk_identity;
 #endif

+       /* Used to indicate that session resumption is not allowed.
+        * Applications can also set this bit for a new session via
+        * not_resumable_session_cb to disable session caching and tickets. */

        int not_resumable;
 
        /* The cert is the certificate used to establish this connection */
        int not_resumable;
 
        /* The cert is the certificate used to establish this connection */


@@ -535,7 +538,7 @@ struct ssl_session_st
 #endif /* OPENSSL_NO_EC */
        /* RFC4507 info */
        unsigned char *tlsext_tick;     /* Session ticket */
 #endif /* OPENSSL_NO_EC */
        /* RFC4507 info */
        unsigned char *tlsext_tick;     /* Session ticket */

-       size_t  tlsext_ticklen;         /* Session ticket length */     
+       size_t tlsext_ticklen;          /* Session ticket length */

        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
 #ifndef OPENSSL_NO_SRP
        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
 #ifndef OPENSSL_NO_SRP


@@ -927,6 +930,7 @@ struct ssl_ctx_st
        /* Callback for status request */
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
        void *tlsext_status_arg;
        /* Callback for status request */
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
        void *tlsext_status_arg;

+

        /* draft-rescorla-tls-opaque-prf-input-00.txt information */
        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
        void *tlsext_opaque_prf_input_callback_arg;
        /* draft-rescorla-tls-opaque-prf-input-00.txt information */
        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
        void *tlsext_opaque_prf_input_callback_arg;


@@ -952,6 +956,7 @@ struct ssl_ctx_st
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT

+

 # ifndef OPENSSL_NO_NEXTPROTONEG
        /* Next protocol negotiation information */
        /* (for experimental NPN extension). */
 # ifndef OPENSSL_NO_NEXTPROTONEG
        /* Next protocol negotiation information */
        /* (for experimental NPN extension). */

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 112e627de08d31af587d905bb6d84b4b77f345bd..247e88c2d631e570ce297f1a3d9a1861e6c9583c 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -578,8 +578,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CW_CERT_VRFY_B         (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A            (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B            (0x1A1|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_VRFY_B         (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A            (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B            (0x1A1|SSL_ST_CONNECT)

+#ifndef OPENSSL_NO_NEXTPROTONEG

 #define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)

+#endif

 #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
 /* read from server */
 #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
 /* read from server */


@@ -629,8 +631,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CERT_VRFY_B         (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A            (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B            (0x1B1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CERT_VRFY_B         (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A            (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B            (0x1B1|SSL_ST_ACCEPT)

+#ifndef OPENSSL_NO_NEXTPROTONEG

 #define SSL3_ST_SR_NEXT_PROTO_A                (0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B                (0x211|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_A                (0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B                (0x211|SSL_ST_ACCEPT)

+#endif

 #define SSL3_ST_SR_FINISHED_A          (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B          (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
 #define SSL3_ST_SR_FINISHED_A          (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B          (0x1C1|SSL_ST_ACCEPT)
 /* write to client */


@@ -655,7 +659,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
 #define SSL3_MT_CERTIFICATE_STATUS             22
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
 #define SSL3_MT_CERTIFICATE_STATUS             22

+#ifndef OPENSSL_NO_NEXTPROTONEG

 #define SSL3_MT_NEXT_PROTO                     67
 #define SSL3_MT_NEXT_PROTO                     67

+#endif

 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 
 
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 
 

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f82d071d6e75689f22146bbf0cf3554ae99078dc..f232d555542b079a3c5fc0fd000890fcb00ab74b 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2608,7 +2608,7 @@ const char *SSL_get_version(const SSL *s)
                return("TLSv1.2");
        else if (s->version == TLS1_1_VERSION)
                return("TLSv1.1");
                return("TLSv1.2");
        else if (s->version == TLS1_1_VERSION)
                return("TLSv1.1");

-       if (s->version == TLS1_VERSION)
+       else if (s->version == TLS1_VERSION)

                return("TLSv1");
        else if (s->version == SSL3_VERSION)
                return("SSLv3");
                return("TLSv1");
        else if (s->version == SSL3_VERSION)
                return("SSLv3");

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c0960b5712b8e596ec4ed057e915da804ec68bde..60e7b66859dbe3db21d9f4fa4404601537117dba 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -710,7 +710,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 
        ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
 
 
        ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
 

-       in=BIO_new(BIO_s_file_internal());
+       in = BIO_new(BIO_s_file_internal());

        if (in == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
        if (in == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);


@@ -723,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                goto end;
                }
 
                goto end;
                }
 

-       x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+       x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
+                               ctx->default_passwd_callback_userdata);

        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
                goto end;
                }
 
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
                goto end;
                }
 

-       ret=SSL_CTX_use_certificate(ctx,x);
+       ret = SSL_CTX_use_certificate(ctx, x);
+

        if (ERR_peek_error() != 0)
                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
        if (ret)
        if (ERR_peek_error() != 0)
                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
        if (ret)


@@ -742,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                int r;
                unsigned long err;
                
                int r;
                unsigned long err;
                

-               if (ctx->extra_certs != NULL) 
+               if (ctx->extra_certs != NULL)

                        {
                        sk_X509_pop_free(ctx->extra_certs, X509_free);
                        ctx->extra_certs = NULL;
                        }
 
                        {
                        sk_X509_pop_free(ctx->extra_certs, X509_free);
                        ctx->extra_certs = NULL;
                        }
 

-               while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+               while ((ca = PEM_read_bio_X509(in, NULL,
+                                       ctx->default_passwd_callback,
+                                       ctx->default_passwd_callback_userdata))

                        != NULL)
                        {
                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
                        != NULL)
                        {
                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 0f8fd3902da52b8e3243d1f6ef927322eb54b22c..316bbb0c9582fe962945bd532c93eb3fd93c1d81 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -543,8 +543,8 @@ int main(int argc, char *argv[])
        int comp = 0;
 #ifndef OPENSSL_NO_COMP
        COMP_METHOD *cm = NULL;
        int comp = 0;
 #ifndef OPENSSL_NO_COMP
        COMP_METHOD *cm = NULL;

-#endif

        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;

+#endif

        int test_cipherlist = 0;
 #ifdef OPENSSL_FIPS
        int fips_mode=0;
        int test_cipherlist = 0;
 #ifdef OPENSSL_FIPS
        int fips_mode=0;

diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 8512c4daf6527f116d5eb3cbbe71dfbc8ec07a29..2315a7c0a2e9f3ea84c3096ae66d3ede12c60dde 100644 (file)
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -242,7 +242,8 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
                (s->srp_ctx.v == NULL))
                return SSL3_AL_FATAL;
 
                (s->srp_ctx.v == NULL))
                return SSL3_AL_FATAL;
 

-       RAND_bytes(b, sizeof(b));
+       if (RAND_bytes(b, sizeof(b)) <= 0)
+               return SSL3_AL_FATAL;

        s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL);
        OPENSSL_cleanse(b,sizeof(b));
 
        s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL);
        OPENSSL_cleanse(b,sizeof(b));