authorJung-uk Kim <jkim@FreeBSD.org>2018-11-20 21:10:04 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2018-11-20 21:10:04 +0000
commitc9cf7b5cb1693e44f8caa63f47bbb9ae85508687 (patch)
treebe0fc9bf99325b704e1acf3e4c17998680640fac /crypto/openssl/apps
parentb18e62b6da0140aa06c4da854929a3febeb4e4b9 (diff)
parent8c3f9abd70b3f447a4795c1b00b386b044fb322d (diff)
Diffstat (limited to 'crypto/openssl/apps')
-rw-r--r--crypto/openssl/apps/app_rand.c3
-rw-r--r--crypto/openssl/apps/apps.c6
-rw-r--r--crypto/openssl/apps/apps.h6
-rw-r--r--crypto/openssl/apps/ca.c21
-rw-r--r--crypto/openssl/apps/ocsp.c2
-rw-r--r--crypto/openssl/apps/openssl.cnf2
-rw-r--r--crypto/openssl/apps/opt.c1
-rw-r--r--crypto/openssl/apps/rehash.c2
-rw-r--r--crypto/openssl/apps/rsa.c7
-rw-r--r--crypto/openssl/apps/s_cb.c3
-rw-r--r--crypto/openssl/apps/s_server.c10
-rw-r--r--crypto/openssl/apps/speed.c2
-rw-r--r--crypto/openssl/apps/x509.c4
13 files changed, 41 insertions, 28 deletions
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
index 28caad41a7d8..2b0bbde03423 100644
--- a/crypto/openssl/apps/app_rand.c
+++ b/crypto/openssl/apps/app_rand.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section)
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
- return;
}
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
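Review bot: Nothing in this block says that a failed `RAND_load_file` is now deliberately non-fatal, yet with the `return;` removed the code falls through and still records the path in `save_rand_file`. A comment inside the `if` would make the intent explicit, for example `/* not fatal: the file may not exist yet; still remember its name */`, adjusted to whatever the real intent is. The "Can't load %s into RNG" message followed by `ERR_print_errors` still reads like a hard error, which may confuse users now that execution continues. The `OPENSSL_strdup` result on the last line is also not checked for NULL. app_RAND_load_conf starts and ends outside this hunk.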
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 9be656054a45..653e3973e04d 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
opt_getprog(), typestr);
continue;
}
+ if (*valstr == '\0') {
+ BIO_printf(bio_err,
+ "%s: No value provided for Subject Attribute %s, skipped\n",
+ opt_getprog(), typestr);
+ continue;
+ }
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0))
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 5b98d27500ce..d9eb650eb211 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -369,7 +369,7 @@ typedef struct string_int_pair_st {
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
-# define OPT_FMT_NETSCAPE (1L << 6)
+/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
@@ -378,8 +378,8 @@ typedef struct string_int_pair_st {
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
- OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
+ OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 48f7cd197387..69207c0662ed 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -605,7 +605,7 @@ end_of_options:
/*
* outdir is a directory spec, but access() for VMS demands a
* filename. We could use the DEC C routine to convert the
- * directory syntax to Unixly, and give that to app_isdir,
+ * directory syntax to Unix, and give that to app_isdir,
* but for now the fopen will catch the error if it's not a
* directory
*/
@@ -976,7 +976,7 @@ end_of_options:
BIO_printf(bio_err, "Write out database with %d new entries\n",
sk_X509_num(cert_sk));
- if (!rand_ser
+ if (serialfile != NULL
&& !save_serial(serialfile, "new", serial, NULL))
goto end;
@@ -1044,7 +1044,8 @@ end_of_options:
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
- if (!rotate_serial(serialfile, "new", "old"))
+ if (serialfile != NULL
+ && !rotate_serial(serialfile, "new", "old"))
goto end;
if (!rotate_index(dbfile, "new", "old"))
@@ -1177,10 +1178,9 @@ end_of_options:
}
/* we have a CRL number that need updating */
- if (crlnumberfile != NULL)
- if (!rand_ser
- && !save_serial(crlnumberfile, "new", crlnumber, NULL))
- goto end;
+ if (crlnumberfile != NULL
+ && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+ goto end;
BN_free(crlnumber);
crlnumber = NULL;
@@ -1195,9 +1195,10 @@ end_of_options:
PEM_write_bio_X509_CRL(Sout, crl);
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile, "new", "old"))
- goto end;
+ /* Rename the crlnumber file */
+ if (crlnumberfile != NULL
+ && !rotate_serial(crlnumberfile, "new", "old"))
+ goto end;
}
/*****************************************************************/
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index eb822c2696eb..7fd78624bbcc 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -950,6 +950,7 @@ static void spawn_loop(void)
sleep(30);
break;
case 0: /* child */
+ OPENSSL_free(kidpids);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
if (termsig)
@@ -976,6 +977,7 @@ static void spawn_loop(void)
}
/* The loop above can only break on termsig */
+ OPENSSL_free(kidpids);
syslog(LOG_INFO, "terminating on signal: %d", termsig);
killall(0, kidpids);
}
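Review bot: `kidpids` is released by the added `OPENSSL_free(kidpids);` and then passed to `killall(0, kidpids)` two lines later, so killall receives a dangling pointer. killall's body is not in this hunk, but if it reads the array to signal the children, as its name and argument suggest, this is a use-after-free on the parent's shutdown path. Drop the free here and release the array inside killall after the children have been signalled, or otherwise ensure the free comes after the last read of `kidpids`. The free added in the `case 0:` branch of the earlier hunk looks fine provided the child never touches `kidpids` again; the rest of spawn_loop is outside both hunks.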
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index a1520e496915..24538651ebb7 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -11,7 +11,6 @@
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
@@ -58,7 +57,6 @@ crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
diff --git a/crypto/openssl/apps/opt.c b/crypto/openssl/apps/opt.c
index cc1418449e29..666856535d5e 100644
--- a/crypto/openssl/apps/opt.c
+++ b/crypto/openssl/apps/opt.c
@@ -168,7 +168,6 @@ static OPT_PAIR formats[] = {
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
- {"netscape", OPT_FMT_NETSCAPE},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
diff --git a/crypto/openssl/apps/rehash.c b/crypto/openssl/apps/rehash.c
index de7217cb1003..bb41d3129f9c 100644
--- a/crypto/openssl/apps/rehash.c
+++ b/crypto/openssl/apps/rehash.c
@@ -1,6 +1,6 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index 6458b3d9c5aa..fdd02dce3241 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -38,8 +38,8 @@ typedef enum OPTION_choice {
const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
- {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+ {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+ {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
{"in", OPT_IN, 's', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
@@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
+ if (pk == NULL)
+ goto end;
+
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
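Review bot: The return value of `EVP_PKEY_set1_RSA(pk, rsa)` is still ignored right after the new `pk == NULL` check, so a failure there would go on to the PVK/MSBLOB output path with an EVP_PKEY that has no key assigned. Suggest `if (!EVP_PKEY_set1_RSA(pk, rsa)) { EVP_PKEY_free(pk); goto end; }`. The new `goto end` is also silent; an `ERR_print_errors(bio_err);` before it would tell the user why no output was written. Whether `ret` still signals failure at `end` cannot be seen here, since rsa_main starts and ends outside the hunk.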
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index 46b386428461..2d4568f40ccb 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
- if (!SSL_get_server_tmp_key(s, &key))
+
+ if (!SSL_get_peer_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key)) {
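Review bot: The label on the `BIO_puts` line is still `"Server Temp Key: "`, but the key now comes from `SSL_get_peer_tmp_key`, which returns the key of whichever side is the peer. If ssl_print_tmp_key is ever called on a server-side SSL, the output would present the client's key as the server's. A comment above the call would record the assumption, for example `/* peer is the server only when called from a client; the label below assumes that */`. The function continues past the hunk, so whether `key` is later released with `EVP_PKEY_free` is not visible here.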
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index e3bb1a672d01..ac7dca607ba4 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) {
- BIO_printf(bio_s_out,
- "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ *sess = NULL;
+ return 1;
}
if (psksess != NULL) {
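Review bot: The added `*sess = NULL; return 1;` on an identity mismatch reads like a success return unless the reader knows the callback contract, and the branch now carries no comment or log line. Suggest a comment above the two lines: `/* unknown identity: not an error; report "no PSK session" so the handshake continues without PSK */`. The removed `BIO_printf` printed `identity` with `%s` although it arrives with an explicit `identity_len` and is presumably not NUL-terminated, so dropping it is the safer choice. Operators do lose the hint that a client sent an unexpected identity; a message that prints only `identity_len` would keep that signal without reading past the buffer. psk_find_session_cb continues outside the hunk.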
@@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[])
goto end;
}
#endif
+ if (early_data && (www > 0 || rev)) {
+ BIO_printf(bio_err,
+ "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index a4879179e414..40e990408ab9 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (testnum++; testnum < EC_NUM; testnum++)
+ for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0;
}
}
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index d40960c0b93f..81291a9a4f90 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -67,10 +67,10 @@ typedef enum OPTION_choice {
const OPTIONS x509_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f',
- "Input format - default PEM (one of DER, NET or PEM)"},
+ "Input format - default PEM (one of DER or PEM)"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'f',
- "Output format - default PEM (one of DER, NET or PEM)"},
+ "Output format - default PEM (one of DER or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},