src - FreeBSD source tree

diff options


context:
space:
mode:

author	Jung-uk Kim <jkim@FreeBSD.org>	2016-03-01 17:57:01 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2016-03-01 17:57:01 +0000
commit	9aeed18ad799c20d3accf6e1535817538dc983f6 (patch)
tree	37a4bb1290ee86a2b4ce070f139b2379ee747425 /apps
parent	c188d4cade9cba451816aef2371942bea4ff837f (diff)
download	src-9aeed18ad799c20d3accf6e1535817538dc983f6.tar.gz src-9aeed18ad799c20d3accf6e1535817538dc983f6.zip

vendor/openssl/1.0.2g

Notes

Diffstat (limited to 'apps')

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

7 files changed, 96 insertions, 65 deletions

diff --git a/apps/apps.c b/apps/apps.c
index 2e778054ca8f..b1dd97038f7d 100644
--- a/apps/apps.c
+++ b/apps/apps.c

@@ -2442,7 +2442,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)

else

len = 1024;

len = BIO_read(in, tbuf, len);

- if (len <= 0)

+ if (len < 0) {

+ BIO_free(mem);

+ return -1;

+ }

+ if (len == 0)

break;

if (BIO_write(mem, tbuf, len) != len) {

BIO_free(mem);

@@ -2459,7 +2463,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)

return ret;

}

-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)

+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)

{

int rv;

char *stmp, *vtmp = NULL;

diff --git a/apps/apps.h b/apps/apps.h
index 8276e708694d..19bf5cc3337d 100644
--- a/apps/apps.h
+++ b/apps/apps.h

@@ -321,7 +321,7 @@ int args_verify(char ***pargs, int *pargc,

int *badarg, BIO *err, X509_VERIFY_PARAM **pm);

void policies_print(BIO *out, X509_STORE_CTX *ctx);

int bio_to_mem(unsigned char **out, int maxlen, BIO *in);

-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);

+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);

int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,

const char *algname, ENGINE *e, int do_param);

int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index c8d513b44ac4..e47206c40a11 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c

@@ -73,7 +73,7 @@ static void usage(void);

#define PROG pkeyutl_main

static EVP_PKEY_CTX *init_ctx(int *pkeysize,

- char *keyfile, int keyform, int key_type,

+ const char *keyfile, int keyform, int key_type,

char *passargin, int pkey_op, ENGINE *e,

int impl);

@@ -99,10 +99,12 @@ int MAIN(int argc, char **argv)

char *passargin = NULL;

int keysize = -1;

int engine_impl = 0;

unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;

- size_t buf_outlen;

+ size_t buf_outlen = 0;

int buf_inlen = 0, siglen = -1;

+ const char *inkey = NULL;

+ const char *peerkey = NULL;

+ STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;

int ret = 1, rv = -1;

@@ -136,21 +138,13 @@ int MAIN(int argc, char **argv)

} else if (!strcmp(*argv, "-inkey")) {

if (--argc < 1)

badarg = 1;

- else {

- ctx = init_ctx(&keysize,

- *(++argv), keyform, key_type,

- passargin, pkey_op, e, engine_impl);

- if (!ctx) {

- BIO_puts(bio_err, "Error initializing context\n");

- ERR_print_errors(bio_err);

- badarg = 1;

- }

+ else

+ inkey = *++argv;

} else if (!strcmp(*argv, "-peerkey")) {

if (--argc < 1)

badarg = 1;

- else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))

- badarg = 1;

+ else

+ peerkey = *++argv;

} else if (!strcmp(*argv, "-passin")) {

if (--argc < 1)

badarg = 1;

@@ -191,23 +185,21 @@ int MAIN(int argc, char **argv)

pkey_op = EVP_PKEY_OP_VERIFY;

else if (!strcmp(*argv, "-verifyrecover"))

pkey_op = EVP_PKEY_OP_VERIFYRECOVER;

- else if (!strcmp(*argv, "-rev"))

- rev = 1;

else if (!strcmp(*argv, "-encrypt"))

pkey_op = EVP_PKEY_OP_ENCRYPT;

else if (!strcmp(*argv, "-decrypt"))

pkey_op = EVP_PKEY_OP_DECRYPT;

else if (!strcmp(*argv, "-derive"))

pkey_op = EVP_PKEY_OP_DERIVE;

+ else if (!strcmp(*argv, "-rev"))

+ rev = 1;

else if (strcmp(*argv, "-pkeyopt") == 0) {

if (--argc < 1)

badarg = 1;

- else if (!ctx) {

- BIO_puts(bio_err, "-pkeyopt command before -inkey\n");

- badarg = 1;

- } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {

- BIO_puts(bio_err, "parameter setting error\n");

- ERR_print_errors(bio_err);

+ else if ((pkeyopts == NULL &&

+ (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||

+ sk_OPENSSL_STRING_push(pkeyopts, *++argv) == 0) {

+ BIO_puts(bio_err, "out of memory\n");

goto end;

}

} else

@@ -220,10 +212,37 @@ int MAIN(int argc, char **argv)

argv++;

}

- if (!ctx) {

+ if (inkey == NULL ||

+ (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {

usage();

goto end;

}

+ ctx = init_ctx(&keysize, inkey, keyform, key_type,

+ passargin, pkey_op, e, engine_impl);

+ if (!ctx) {

+ BIO_puts(bio_err, "Error initializing context\n");

+ ERR_print_errors(bio_err);

+ goto end;

+ }

+ if (peerkey != NULL && !setup_peer(bio_err, ctx, peerform, peerkey, e)) {

+ BIO_puts(bio_err, "Error setting up peer key\n");

+ ERR_print_errors(bio_err);

+ goto end;

+ }

+ if (pkeyopts != NULL) {

+ int num = sk_OPENSSL_STRING_num(pkeyopts);

+ int i;

+ for (i = 0; i < num; ++i) {

+ const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);

+ if (pkey_ctrl_string(ctx, opt) <= 0) {

+ BIO_puts(bio_err, "parameter setting error\n");

+ ERR_print_errors(bio_err);

+ goto end;

+ }

if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {

BIO_puts(bio_err, "Signature file specified for non verify\n");

@@ -273,7 +292,7 @@ int MAIN(int argc, char **argv)

}

siglen = bio_to_mem(&sig, keysize * 10, sigbio);

BIO_free(sigbio);

- if (siglen <= 0) {

+ if (siglen < 0) {

BIO_printf(bio_err, "Error reading signature data\n");

goto end;

}

@@ -282,7 +301,7 @@ int MAIN(int argc, char **argv)

if (in) {

/* Read the input data */

buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);

- if (buf_inlen <= 0) {

+ if (buf_inlen < 0) {

BIO_printf(bio_err, "Error reading input Data\n");

exit(1);

}

@@ -310,7 +329,7 @@ int MAIN(int argc, char **argv)

} else {

rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,

buf_in, (size_t)buf_inlen);

- if (rv > 0) {

+ if (rv > 0 && buf_outlen != 0) {

buf_out = OPENSSL_malloc(buf_outlen);

if (!buf_out)

rv = -1;

@@ -340,12 +359,14 @@ int MAIN(int argc, char **argv)

EVP_PKEY_CTX_free(ctx);

BIO_free(in);

BIO_free_all(out);

- if (buf_in)

+ if (buf_in != NULL)

OPENSSL_free(buf_in);

- if (buf_out)

+ if (buf_out != NULL)

OPENSSL_free(buf_out);

- if (sig)

+ if (sig != NULL)

OPENSSL_free(sig);

+ if (pkeyopts != NULL)

+ sk_OPENSSL_STRING_free(pkeyopts);

return ret;

}

@@ -380,7 +401,7 @@ static void usage()

}

static EVP_PKEY_CTX *init_ctx(int *pkeysize,

- char *keyfile, int keyform, int key_type,

+ const char *keyfile, int keyform, int key_type,

char *passargin, int pkey_op, ENGINE *e,

int engine_impl)

{

@@ -484,14 +505,9 @@ static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,

EVP_PKEY *peer = NULL;

ENGINE* engine = NULL;

int ret;

- if (!ctx) {

- BIO_puts(err, "-peerkey command before -inkey\n");

- return 0;

- }

if (peerform == FORMAT_ENGINE)

- engine = e;

+ engine = e;

peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");

if (!peer) {

diff --git a/apps/req.c b/apps/req.c
index 57781c93c4ca..e818bd2976d6 100644
--- a/apps/req.c
+++ b/apps/req.c

@@ -101,8 +101,8 @@

#define STRING_MASK "string_mask"

#define UTF8_IN "utf8"

-#define DEFAULT_KEY_LENGTH 512

-#define MIN_KEY_LENGTH 384

+#define DEFAULT_KEY_LENGTH 2048

+#define MIN_KEY_LENGTH 512

#undef PROG

#define PROG req_main

diff --git a/apps/rsautl.c b/apps/rsautl.c
index d642f9ad97f3..5b6f849ea74d 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c

@@ -250,7 +250,7 @@ int MAIN(int argc, char **argv)

if (outfile) {

if (!(out = BIO_new_file(outfile, "wb"))) {

- BIO_printf(bio_err, "Error Reading Output File\n");

+ BIO_printf(bio_err, "Error Writing Output File\n");

ERR_print_errors(bio_err);

goto end;

}

@@ -276,7 +276,7 @@ int MAIN(int argc, char **argv)

/* Read the input data */

rsa_inlen = BIO_read(in, rsa_in, keysize * 2);

- if (rsa_inlen <= 0) {

+ if (rsa_inlen < 0) {

BIO_printf(bio_err, "Error reading input Data\n");

exit(1);

}

@@ -311,7 +311,7 @@ int MAIN(int argc, char **argv)

}

- if (rsa_outlen <= 0) {

+ if (rsa_outlen < 0) {

BIO_printf(bio_err, "RSA operation error\n");

ERR_print_errors(bio_err);

goto end;

diff --git a/apps/s_client.c b/apps/s_client.c
index caf76d35dc5a..0c1102b9c36a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c

@@ -391,8 +391,6 @@ static void sc_usage(void)

BIO_printf(bio_err,

" -bugs - Switch on all SSL implementation bug workarounds\n");

BIO_printf(bio_err,

- " -serverpref - Use server's cipher preferences (only SSLv2)\n");

- BIO_printf(bio_err,

" -cipher - preferred cipher to use, use the 'openssl ciphers'\n");

BIO_printf(bio_err,

" command to see what is available\n");

diff --git a/apps/s_server.c b/apps/s_server.c
index 65cbaaf6eb9b..09c755b55cfe 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c

@@ -429,6 +429,8 @@ typedef struct srpsrvparm_st {

static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)

{

srpsrvparm *p = (srpsrvparm *) arg;

+ int ret = SSL3_AL_FATAL;

if (p->login == NULL && p->user == NULL) {

p->login = SSL_get_srp_username(s);

BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);

@@ -437,21 +439,25 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)

if (p->user == NULL) {

BIO_printf(bio_err, "User %s doesn't exist\n", p->login);

- return SSL3_AL_FATAL;

+ goto err;

}

if (SSL_set_srp_server_param

(s, p->user->N, p->user->g, p->user->s, p->user->v,

p->user->info) < 0) {

*ad = SSL_AD_INTERNAL_ERROR;

- return SSL3_AL_FATAL;

+ goto err;

}

BIO_printf(bio_err,

"SRP parameters set: username = \"%s\" info=\"%s\" \n",

p->login, p->user->info);

- /* need to check whether there are memory leaks */

+ ret = SSL_ERROR_NONE;

+err:

+ SRP_user_pwd_free(p->user);

p->user = NULL;

p->login = NULL;

- return SSL_ERROR_NONE;

+ return ret;

}

#endif

@@ -2452,9 +2458,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)

#ifndef OPENSSL_NO_SRP

while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP renego during write\n");

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);

@@ -2508,9 +2515,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)

#ifndef OPENSSL_NO_SRP

while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP renego during read\n");

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);

@@ -2605,9 +2613,10 @@ static int init_ssl_connection(SSL *con)

while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP during accept %s\n",

srp_callback_parm.login);

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);

@@ -2849,9 +2858,10 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)

&& SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP during accept %s\n",

srp_callback_parm.login);

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);

@@ -2891,9 +2901,10 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)

if (BIO_should_io_special(io)

&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP renego during read\n");

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);

@@ -3236,9 +3247,10 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)

if (BIO_should_io_special(io)

&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP renego during accept\n");

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);

@@ -3264,9 +3276,10 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)

if (BIO_should_io_special(io)

&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {

BIO_printf(bio_s_out, "LOOKUP renego during read\n");

+ SRP_user_pwd_free(srp_callback_parm.user);

srp_callback_parm.user =

- SRP_VBASE_get_by_user(srp_callback_parm.vb,

- srp_callback_parm.login);

+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,

+ srp_callback_parm.login);

if (srp_callback_parm.user)

BIO_printf(bio_s_out, "LOOKUP done %s\n",

srp_callback_parm.user->info);