authorJung-uk Kim <jkim@FreeBSD.org>2017-05-25 19:38:38 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2017-05-25 19:38:38 +0000
commit12df5ad9af4981f5d3c31a9819d31618c0f1af51 (patch)
tree97e3336a3054b8d8a0150b9d414934f73c99cb30 /apps
parent5315173646e65b5025be33013edc33eb9658e683 (diff)
Diffstat (limited to 'apps')
-rw-r--r--apps/ca.c19
-rw-r--r--apps/dhparam.c24
-rw-r--r--apps/enc.c33
-rw-r--r--apps/engine.c9
-rw-r--r--apps/pkeyutl.c4
-rw-r--r--apps/prime.c3
-rw-r--r--apps/progs.h2
-rw-r--r--apps/progs.pl30
-rw-r--r--apps/req.c6
-rw-r--r--apps/s_client.c1
-rw-r--r--apps/s_server.c1
-rw-r--r--apps/srp.c4
12 files changed, 88 insertions, 48 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 4cea3cb7b1ce..f90f033baed3 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2126,10 +2126,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
@@ -2137,11 +2135,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
goto err;
}
+ irow = NULL;
ok = 1;
err:
- for (i = 0; i < DB_NUMBER; i++)
- if (row[i] != NULL)
+ if (irow != NULL) {
+ for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
+ OPENSSL_free(irow);
+ }
if (CAname != NULL)
X509_NAME_free(CAname);
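Review bot: The new cleanup at `err:` frees `row[]` only when `irow != NULL`, so any `goto err` taken before `irow` is allocated (those paths lie outside this hunk, so this is inferred) would now leak the row strings that the removed loop freed unconditionally. Guarding on the result instead, `if (ok != 1)` around the `OPENSSL_free(row[i])` loop with `OPENSSL_free(irow);` placed after it, keeps the success path intact because `irow` is already NULL there. do_revoke in the next hunk follows a different convention (free `irow` at the failure site, clear `row[]` on success); a short comment at each site stating that the database owns the strings after a successful TXT_DB_insert would make the two easier to audit. do_body starts and ends outside the hunk.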
@@ -2396,18 +2397,20 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
goto err;
}
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+ OPENSSL_free(irow);
goto err;
}
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
/* Revoke Certificate */
if (type == -1)
ok = 1;
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 1210adb104d9..bd91234abd66 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -381,10 +381,19 @@ int MAIN(int argc, char **argv)
} else
# endif
{
- if (informat == FORMAT_ASN1)
+ if (informat == FORMAT_ASN1) {
+ /*
+ * We have no PEM header to determine what type of DH params it
+ * is. We'll just try both.
+ */
dh = d2i_DHparams_bio(in, NULL);
- else /* informat == FORMAT_PEM */
+ /* BIO_reset() returns 0 for success for file BIOs only!!! */
+ if (dh == NULL && BIO_reset(in) == 0)
+ dh = d2i_DHxparams_bio(in, NULL);
+ } else {
+ /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+ }
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
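Review bot: In the FORMAT_ASN1 branch the failed d2i_DHparams_bio() attempt presumably leaves its decode errors on the error queue, so after a successful d2i_DHxparams_bio() retry a later error dump could show a stale ASN.1 failure; calling `ERR_clear_error();` before the retry would avoid that. The retry also depends on BIO_reset() succeeding, so DER-encoded X9.42 parameters read from a non-seekable input still end in "unable to load DH parameters" with no hint as to why. The existing comment could say so, for example `/* non-seekable input: the X9.42 retry is skipped */`. MAIN continues outside the hunk.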
@@ -484,10 +493,13 @@ int MAIN(int argc, char **argv)
}
if (!noout) {
- if (outformat == FORMAT_ASN1)
- i = i2d_DHparams_bio(out, dh);
- else if (outformat == FORMAT_PEM) {
- if (dh->q)
+ if (outformat == FORMAT_ASN1) {
+ if (dh->q != NULL)
+ i = i2d_DHxparams_bio(out, dh);
+ else
+ i = i2d_DHparams_bio(out, dh);
+ } else if (outformat == FORMAT_PEM) {
+ if (dh->q != NULL)
i = PEM_write_bio_DHxparams(out, dh);
else
i = PEM_write_bio_DHparams(out, dh);
diff --git a/apps/enc.c b/apps/enc.c
index 8c8f1ef0f90b..66145b3be770 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out, int size);
#define BSIZE (8*1024)
#define PROG enc_main
-static void show_ciphers(const OBJ_NAME *name, void *bio_)
+struct doall_enc_ciphers {
+ BIO *bio;
+ int n;
+};
+
+static void show_ciphers(const OBJ_NAME *name, void *arg)
{
- BIO *bio = bio_;
- static int n;
+ struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
+ const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name))
return;
- BIO_printf(bio, "-%-25s", name->name);
- if (++n == 3) {
- BIO_printf(bio, "\n");
- n = 0;
+ /* Filter out ciphers that we cannot use */
+ cipher = EVP_get_cipherbyname(name->name);
+ if (cipher == NULL ||
+ (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+ EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+ return;
+
+ BIO_printf(dec->bio, "-%-25s", name->name);
+ if (++dec->n == 3) {
+ BIO_printf(dec->bio, "\n");
+ dec->n = 0;
} else
- BIO_printf(bio, " ");
+ BIO_printf(dec->bio, " ");
}
int MAIN(int, char **);
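Review bot: The filter comment in show_ciphers says these ciphers "cannot" be used but not why, and the hunk only changes what the help listing shows; whether MAIN rejects an AEAD or XTS cipher that is named explicitly is not visible here and is worth confirming. I would expand the comment to something like `/* enc has no way to store or check an AEAD tag and does not handle XTS: do not advertise them */` (wording to be confirmed by the author). As a style point, the cast in `struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;` is unnecessary in C.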
@@ -130,6 +142,7 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL;
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
+ struct doall_enc_ciphers dec;
apps_startup();
@@ -311,8 +324,10 @@ int MAIN(int argc, char **argv)
#endif
BIO_printf(bio_err, "Cipher Types\n");
+ dec.n = 0;
+ dec.bio = bio_err;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- show_ciphers, bio_err);
+ show_ciphers, &dec);
BIO_printf(bio_err, "\n");
goto end;
diff --git a/apps/engine.c b/apps/engine.c
index f54631b50d81..a8eed9af5c18 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -108,13 +108,16 @@ static int append_buf(char **buf, const char *s, int *size, int step)
}
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+ char *p = *buf;
+
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
+ if (*buf == NULL) {
+ OPENSSL_free(p);
+ return 0;
+ }
}
- if (*buf == NULL)
- return 0;
-
if (**buf != '\0')
BUF_strlcat(*buf, ", ", *size);
BUF_strlcat(*buf, s, *size);
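Review bot: The growth check `strlen(*buf) + strlen(s) >= (unsigned int)*size` does not count the two-byte ", " separator, and the buffer grows by a single `step`, so an item longer than `step` (or one that only just fits) is silently truncated by BUF_strlcat, whose return value is ignored. The truncation is bounded, so this is a correctness issue rather than a memory-safety one, but the resulting list can be incomplete without any error. Computing the required size up front and growing until it fits, assuming `step` is always positive, avoids it and also leaves `*size` untouched when the reallocation fails. append_buf begins outside the hunk.

```c
    /* room for the existing text, ", ", s and the terminating NUL */
    size_t need = strlen(*buf) + strlen(s) + sizeof(", ");

    if (need > (size_t)*size) {
        int newsize = *size;
        char *p;

        while ((size_t)newsize < need)
            newsize += step;
        p = OPENSSL_realloc(*buf, newsize);
        if (p == NULL) {
            OPENSSL_free(*buf);
            *buf = NULL;
            return 0;
        }
        *buf = p;
        *size = newsize;
    }
    /* … unchanged: BUF_strlcat of ", " and s … */
```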
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 7c62d1c8709b..19f2e5d9cf9f 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -322,8 +322,10 @@ int MAIN(int argc, char **argv)
buf_in, (size_t)buf_inlen);
if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n");
- else if (rv == 1)
+ else if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
+ ret = 0;
+ }
if (rv >= 0)
goto end;
} else {
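Review bot: The exit status is now the machine-readable verification result, yet nothing in this branch documents which `rv` values map to which status. A comment such as `/* ret stays non-zero unless rv == 1; rv < 0 skips the goto end below */` above the `if (rv == 0)` test would help, since `ret`'s initial value is set outside the hunk and callers gating on the exit code depend on it. MAIN continues outside the hunk.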
diff --git a/apps/prime.c b/apps/prime.c
index 133167f2d4d1..d8f764a3d7f1 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -155,5 +155,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s hex\n", "-hex");
BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
+ BIO_printf(bio_err, "%-14s generate prime\n", "-generate");
+ BIO_printf(bio_err, "%-14s number of bits\n", "-bits <n>");
+ BIO_printf(bio_err, "%-14s safe prime\n", "-safe");
return 1;
}
diff --git a/apps/progs.h b/apps/progs.h
index fb498fd20c27..d5c0039bd69d 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv[]);
typedef struct {
int type;
const char *name;
- int (*func) (int argc, char *argv[]);
+ int (*func)(int argc, char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
diff --git a/apps/progs.pl b/apps/progs.pl
index fa6258cf5e13..73498e3d6efa 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV)
- { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+ { printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
print <<'EOF';
-#define FUNC_TYPE_GENERAL 1
-#define FUNC_TYPE_MD 2
-#define FUNC_TYPE_CIPHER 3
-#define FUNC_TYPE_PKEY 4
-#define FUNC_TYPE_MD_ALG 5
-#define FUNC_TYPE_CIPHER_ALG 6
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+#define FUNC_TYPE_PKEY 4
+#define FUNC_TYPE_MD_ALG 5
+#define FUNC_TYPE_CIPHER_ALG 6
typedef struct {
- int type;
- const char *name;
- int (*func)(int argc,char *argv[]);
- } FUNCTION;
+ int type;
+ const char *name;
+ int (*func)(int argc, char *argv[]);
+} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
@@ -30,7 +30,7 @@ EOF
foreach (@ARGV)
{
push(@files,$_);
- $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+ $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/))
@@ -60,7 +60,7 @@ foreach (@ARGV)
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
{
push(@files,$_);
- printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
+ printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n";
}
foreach (
@@ -86,7 +86,7 @@ foreach (
{
push(@files,$_);
- $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+ $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -101,4 +101,4 @@ foreach (
print $t;
}
-print "\t{0,NULL,NULL}\n\t};\n";
+print " {0, NULL, NULL}\n};\n";
diff --git a/apps/req.c b/apps/req.c
index cdea1f611194..ede1d32cae62 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-x509") == 0) {
- newreq = 1;
x509 = 1;
} else if (strcmp(*argv, "-asn1-kludge") == 0)
kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
goto end;
}
+ if (x509 && infile == NULL)
+ newreq = 1;
+
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
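Review bot: The added `if (x509 && infile == NULL) newreq = 1;` changes what `-x509` means when `-in` is given, and there is no comment recording that. Something like `/* -x509 without -in still generates a new request; with -in the supplied request is used */` next to the test would state the intent. Whether the supplied request is verified before the certificate is built from it is not visible in these hunks and is worth confirming. MAIN continues outside the hunk.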
@@ -753,7 +755,7 @@ int MAIN(int argc, char **argv)
}
}
- if (newreq) {
+ if (newreq || x509) {
if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
diff --git a/apps/s_client.c b/apps/s_client.c
index 3cabfb50ab8b..85c1b6b57944 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2132,6 +2132,7 @@ int MAIN(int argc, char **argv)
BIO_free(bio_c_msg);
bio_c_msg = NULL;
}
+ SSL_COMP_free_compression_methods();
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/s_server.c b/apps/s_server.c
index b561cf3a362b..d75871386928 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2132,6 +2132,7 @@ int MAIN(int argc, char *argv[])
BIO_free(bio_s_msg);
bio_s_msg = NULL;
}
+ SSL_COMP_free_compression_methods();
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/srp.c b/apps/srp.c
index 37341a5d20ed..ce01a24f2a78 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -183,10 +183,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
return 0;
}
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {