diff options
author | Parménides GV <parmegv@sdf.org> | 2014-12-12 18:02:40 +0100 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-12-12 18:04:08 +0100 |
commit | 97aded26654ede8204a313dd6967b678a72a2a10 (patch) | |
tree | 5c519d75774eff664df41881777cbae171caddf5 /app/openssl/apps | |
parent | 0e7e4005460964cf8dac080e3d99e1df2a1bdc4d (diff) |
Updated ics-openvpn to last rev 14 Nov 2014.
Material design!
It still doesn't run properly on my tablet, openvpn keeps getting down
and exiting.
Diffstat (limited to 'app/openssl/apps')
-rw-r--r-- | app/openssl/apps/apps.c | 4 | ||||
-rw-r--r-- | app/openssl/apps/ca.c | 5 | ||||
-rw-r--r-- | app/openssl/apps/ciphers.c | 6 | ||||
-rw-r--r-- | app/openssl/apps/crl2p7.c | 8 | ||||
-rw-r--r-- | app/openssl/apps/enc.c | 8 | ||||
-rw-r--r--[l---------] | app/openssl/apps/md4.c | 128 | ||||
-rw-r--r-- | app/openssl/apps/ocsp.c | 2 | ||||
-rw-r--r-- | app/openssl/apps/progs.h | 8 | ||||
-rw-r--r-- | app/openssl/apps/progs.pl | 2 | ||||
-rw-r--r-- | app/openssl/apps/s_client.c | 12 | ||||
-rw-r--r-- | app/openssl/apps/s_server.c | 16 |
11 files changed, 184 insertions, 15 deletions
diff --git a/app/openssl/apps/apps.c b/app/openssl/apps/apps.c index b76db10a..3e18289a 100644 --- a/app/openssl/apps/apps.c +++ b/app/openssl/apps/apps.c @@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; i<arg->count; i++) arg->data[i]=NULL; @@ -1542,6 +1544,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); diff --git a/app/openssl/apps/ca.c b/app/openssl/apps/ca.c index 1cf50e00..9c25026a 100644 --- a/app/openssl/apps/ca.c +++ b/app/openssl/apps/ca.c @@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, char *rev_arg) revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; diff --git a/app/openssl/apps/ciphers.c b/app/openssl/apps/ciphers.c index 5f2b7397..93dce1c4 100644 --- a/app/openssl/apps/ciphers.c +++ b/app/openssl/apps/ciphers.c @@ -96,13 +96,7 @@ int MAIN(int argc, char **argv) char buf[512]; BIO *STDout=NULL; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(OPENSSL_NO_SSL3) - meth=SSLv3_server_method(); -#elif !defined(OPENSSL_NO_SSL2) - meth=SSLv2_server_method(); -#endif apps_startup(); diff --git a/app/openssl/apps/crl2p7.c b/app/openssl/apps/crl2p7.c index bbc83774..42c6886b 100644 --- a/app/openssl/apps/crl2p7.c +++ b/app/openssl/apps/crl2p7.c @@ -141,7 +141,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_OPENSSL_STRING_push(certflst,*(++argv))) + { + sk_OPENSSL_STRING_free(certflst); + goto end; + } } else { diff --git a/app/openssl/apps/enc.c b/app/openssl/apps/enc.c index 19ea3df9..c8cb0212 100644 --- a/app/openssl/apps/enc.c +++ b/app/openssl/apps/enc.c @@ -67,7 +67,9 @@ #include <openssl/x509.h> #include <openssl/rand.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <ctype.h> int set_hex(char *in,unsigned char *out,int size); @@ -337,6 +339,12 @@ bad: goto end; } + if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) + { + BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n"); + goto end; + } + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); diff --git a/app/openssl/apps/md4.c b/app/openssl/apps/md4.c index 7f457b2a..141415ad 120000..100644 --- a/app/openssl/apps/md4.c +++ b/app/openssl/apps/md4.c @@ -1 +1,127 @@ -../crypto/md4/md4.c
\ No newline at end of file +/* crypto/md4/md4.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/md4.h> + +#define BUFSIZE 1024*16 + +void do_fp(FILE *f); +void pt(unsigned char *md); +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) +int read(int, void *, unsigned int); +#endif + +int main(int argc, char **argv) + { + int i,err=0; + FILE *IN; + + if (argc == 1) + { + do_fp(stdin); + } + else + { + for (i=1; i<argc; i++) + { + IN=fopen(argv[i],"r"); + if (IN == NULL) + { + perror(argv[i]); + err++; + continue; + } + printf("MD4(%s)= ",argv[i]); + do_fp(IN); + fclose(IN); + } + } + exit(err); + } + +void do_fp(FILE *f) + { + MD4_CTX c; + unsigned char md[MD4_DIGEST_LENGTH]; + int fd; + int i; + static unsigned char buf[BUFSIZE]; + + fd=fileno(f); + MD4_Init(&c); + for (;;) + { + i=read(fd,buf,sizeof buf); + if (i <= 0) break; + MD4_Update(&c,buf,(unsigned long)i); + } + MD4_Final(&(md[0]),&c); + pt(md); + } + +void pt(unsigned char *md) + { + int i; + + for (i=0; i<MD4_DIGEST_LENGTH; i++) + printf("%02x",md[i]); + printf("\n"); + } + diff --git a/app/openssl/apps/ocsp.c b/app/openssl/apps/ocsp.c index 767f12c6..04263ffd 100644 --- a/app/openssl/apps/ocsp.c +++ b/app/openssl/apps/ocsp.c @@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, } resp = query_responder(err, cbio, path, headers, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (cbio) BIO_free_all(cbio); diff --git a/app/openssl/apps/progs.h b/app/openssl/apps/progs.h index dd2298b5..b162055d 100644 --- a/app/openssl/apps/progs.h +++ b/app/openssl/apps/progs.h @@ -107,16 +107,16 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif {FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif #ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif {FUNC_TYPE_GENERAL,"version",version_main}, @@ -126,7 +126,7 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, #endif {FUNC_TYPE_GENERAL,"nseq",nseq_main}, diff --git a/app/openssl/apps/progs.pl b/app/openssl/apps/progs.pl index 39ca8f71..fa6258cf 100644 --- a/app/openssl/apps/progs.pl +++ b/app/openssl/apps/progs.pl @@ -32,7 +32,7 @@ foreach (@ARGV) push(@files,$_); $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) diff --git a/app/openssl/apps/s_client.c b/app/openssl/apps/s_client.c index 0c705803..dfe2de1f 100644 --- a/app/openssl/apps/s_client.c +++ b/app/openssl/apps/s_client.c @@ -290,6 +290,7 @@ static void sc_usage(void) BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); @@ -300,6 +301,7 @@ static void sc_usage(void) BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); #ifdef WATT32 @@ -335,6 +337,7 @@ static void sc_usage(void) BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); @@ -621,6 +624,7 @@ int MAIN(int argc, char **argv) char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE @@ -827,6 +831,10 @@ int MAIN(int argc, char **argv) meth=DTLSv1_client_method(); socket_type=SOCK_DGRAM; } + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) @@ -1273,6 +1281,10 @@ bad: SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { diff --git a/app/openssl/apps/s_server.c b/app/openssl/apps/s_server.c index 8198d7f0..fe7ad882 100644 --- a/app/openssl/apps/s_server.c +++ b/app/openssl/apps/s_server.c @@ -463,6 +463,7 @@ static void sv_usage(void) BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ @@ -534,6 +535,7 @@ static void sv_usage(void) BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); #endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); + BIO_printf(bio_err," -hack - workaround for early Netscape code\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); @@ -562,6 +564,10 @@ static void sv_usage(void) #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + BIO_printf(bio_err," -status - respond to certificate status requests\n"); + BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n"); + BIO_printf(bio_err," -status_timeout n - status request responder timeout\n"); + BIO_printf(bio_err," -status_url URL - status request fallback URL\n"); } static int local_argc=0; @@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1356,6 +1362,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) |