diff options
Diffstat (limited to 'ics-openvpn-stripped/main/openssl/apps')
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/apps.c | 4 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/ca.c | 5 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/ciphers.c | 6 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/crl2p7.c | 8 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/enc.c | 8 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/ocsp.c | 2 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/progs.h | 8 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/progs.pl | 2 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/s_client.c | 2 | ||||
-rw-r--r-- | ics-openvpn-stripped/main/openssl/apps/s_server.c | 16 |
10 files changed, 47 insertions, 14 deletions
diff --git a/ics-openvpn-stripped/main/openssl/apps/apps.c b/ics-openvpn-stripped/main/openssl/apps/apps.c index b76db10a..3e18289a 100644 --- a/ics-openvpn-stripped/main/openssl/apps/apps.c +++ b/ics-openvpn-stripped/main/openssl/apps/apps.c @@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; i<arg->count; i++) arg->data[i]=NULL; @@ -1542,6 +1544,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); diff --git a/ics-openvpn-stripped/main/openssl/apps/ca.c b/ics-openvpn-stripped/main/openssl/apps/ca.c index 1cf50e00..9c25026a 100644 --- a/ics-openvpn-stripped/main/openssl/apps/ca.c +++ b/ics-openvpn-stripped/main/openssl/apps/ca.c @@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, char *rev_arg) revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; diff --git a/ics-openvpn-stripped/main/openssl/apps/ciphers.c b/ics-openvpn-stripped/main/openssl/apps/ciphers.c index 5f2b7397..93dce1c4 100644 --- a/ics-openvpn-stripped/main/openssl/apps/ciphers.c +++ b/ics-openvpn-stripped/main/openssl/apps/ciphers.c @@ -96,13 +96,7 @@ int MAIN(int argc, char **argv) char buf[512]; BIO *STDout=NULL; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(OPENSSL_NO_SSL3) - meth=SSLv3_server_method(); -#elif !defined(OPENSSL_NO_SSL2) - meth=SSLv2_server_method(); -#endif apps_startup(); diff --git a/ics-openvpn-stripped/main/openssl/apps/crl2p7.c b/ics-openvpn-stripped/main/openssl/apps/crl2p7.c index bbc83774..42c6886b 100644 --- a/ics-openvpn-stripped/main/openssl/apps/crl2p7.c +++ b/ics-openvpn-stripped/main/openssl/apps/crl2p7.c @@ -141,7 +141,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_OPENSSL_STRING_push(certflst,*(++argv))) + { + sk_OPENSSL_STRING_free(certflst); + goto end; + } } else { diff --git a/ics-openvpn-stripped/main/openssl/apps/enc.c b/ics-openvpn-stripped/main/openssl/apps/enc.c index 19ea3df9..c8cb0212 100644 --- a/ics-openvpn-stripped/main/openssl/apps/enc.c +++ b/ics-openvpn-stripped/main/openssl/apps/enc.c @@ -67,7 +67,9 @@ #include <openssl/x509.h> #include <openssl/rand.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <ctype.h> int set_hex(char *in,unsigned char *out,int size); @@ -337,6 +339,12 @@ bad: goto end; } + if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) + { + BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n"); + goto end; + } + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); diff --git a/ics-openvpn-stripped/main/openssl/apps/ocsp.c b/ics-openvpn-stripped/main/openssl/apps/ocsp.c index 767f12c6..04263ffd 100644 --- a/ics-openvpn-stripped/main/openssl/apps/ocsp.c +++ b/ics-openvpn-stripped/main/openssl/apps/ocsp.c @@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, } resp = query_responder(err, cbio, path, headers, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (cbio) BIO_free_all(cbio); diff --git a/ics-openvpn-stripped/main/openssl/apps/progs.h b/ics-openvpn-stripped/main/openssl/apps/progs.h index dd2298b5..b162055d 100644 --- a/ics-openvpn-stripped/main/openssl/apps/progs.h +++ b/ics-openvpn-stripped/main/openssl/apps/progs.h @@ -107,16 +107,16 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif {FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif #ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif {FUNC_TYPE_GENERAL,"version",version_main}, @@ -126,7 +126,7 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, #endif {FUNC_TYPE_GENERAL,"nseq",nseq_main}, diff --git a/ics-openvpn-stripped/main/openssl/apps/progs.pl b/ics-openvpn-stripped/main/openssl/apps/progs.pl index 39ca8f71..fa6258cf 100644 --- a/ics-openvpn-stripped/main/openssl/apps/progs.pl +++ b/ics-openvpn-stripped/main/openssl/apps/progs.pl @@ -32,7 +32,7 @@ foreach (@ARGV) push(@files,$_); $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) diff --git a/ics-openvpn-stripped/main/openssl/apps/s_client.c b/ics-openvpn-stripped/main/openssl/apps/s_client.c index 299facdc..dfe2de1f 100644 --- a/ics-openvpn-stripped/main/openssl/apps/s_client.c +++ b/ics-openvpn-stripped/main/openssl/apps/s_client.c @@ -290,6 +290,7 @@ static void sc_usage(void) BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); @@ -300,6 +301,7 @@ static void sc_usage(void) BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); #ifdef WATT32 diff --git a/ics-openvpn-stripped/main/openssl/apps/s_server.c b/ics-openvpn-stripped/main/openssl/apps/s_server.c index 8198d7f0..fe7ad882 100644 --- a/ics-openvpn-stripped/main/openssl/apps/s_server.c +++ b/ics-openvpn-stripped/main/openssl/apps/s_server.c @@ -463,6 +463,7 @@ static void sv_usage(void) BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ @@ -534,6 +535,7 @@ static void sv_usage(void) BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); #endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); + BIO_printf(bio_err," -hack - workaround for early Netscape code\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); @@ -562,6 +564,10 @@ static void sv_usage(void) #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + BIO_printf(bio_err," -status - respond to certificate status requests\n"); + BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n"); + BIO_printf(bio_err," -status_timeout n - status request responder timeout\n"); + BIO_printf(bio_err," -status_url URL - status request fallback URL\n"); } static int local_argc=0; @@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1356,6 +1362,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) |