diff options
author | Arne Schwabe <arne@rfc2549.org> | 2014-04-23 09:56:37 +0200 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2014-04-23 09:56:37 +0200 |
commit | e436c963f0976b885a7db04681344779e26dd3b5 (patch) | |
tree | 240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/apps/apps.c | |
parent | 6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff) |
Update OpenSSL to 1.0.1g and statically link OpenVPN with it
Diffstat (limited to 'main/openssl/apps/apps.c')
-rw-r--r-- | main/openssl/apps/apps.c | 125 |
1 files changed, 78 insertions, 47 deletions
diff --git a/main/openssl/apps/apps.c b/main/openssl/apps/apps.c index 38e61970..1096eee4 100644 --- a/main/openssl/apps/apps.c +++ b/main/openssl/apps/apps.c @@ -109,7 +109,7 @@ * */ -#ifndef _POSIX_C_SOURCE +#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) #define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get the declaration of fileno(). The value 2 is to make sure no function defined @@ -1215,7 +1215,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *desc) { STACK_OF(X509) *certs; - load_certs_crls(err, file, format, pass, e, desc, &certs, NULL); + if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL)) + return NULL; return certs; } @@ -1223,7 +1224,8 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *desc) { STACK_OF(X509_CRL) *crls; - load_certs_crls(err, file, format, pass, e, desc, NULL, &crls); + if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls)) + return NULL; return crls; } @@ -2130,7 +2132,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) X509_NAME *n = NULL; int nid; - if (!buf || !ne_types || !ne_values) + if (!buf || !ne_types || !ne_values || !mval) { BIO_printf(bio_err, "malloc error\n"); goto error; @@ -2234,6 +2236,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) OPENSSL_free(ne_values); OPENSSL_free(ne_types); OPENSSL_free(buf); + OPENSSL_free(mval); return n; error: @@ -2242,6 +2245,8 @@ error: OPENSSL_free(ne_values); if (ne_types) OPENSSL_free(ne_types); + if (mval) + OPENSSL_free(mval); if (buf) OPENSSL_free(buf); return NULL; @@ -2256,6 +2261,7 @@ int args_verify(char ***pargs, int *pargc, int purpose = 0, depth = -1; char **oldargs = *pargs; char *arg = **pargs, *argn = (*pargs)[1]; + time_t at_time = 0; if (!strcmp(arg, "-policy")) { if (!argn) @@ -2308,6 +2314,27 @@ int args_verify(char ***pargs, int *pargc, } (*pargs)++; } + else if (strcmp(arg,"-attime") == 0) + { + if (!argn) + *badarg = 1; + else + { + long timestamp; + /* interpret the -attime argument as seconds since + * Epoch */ + if (sscanf(argn, "%li", ×tamp) != 1) + { + BIO_printf(bio_err, + "Error parsing timestamp %s\n", + argn); + *badarg = 1; + } + /* on some platforms time_t may be a float */ + at_time = (time_t) timestamp; + } + (*pargs)++; + } else if (!strcmp(arg, "-ignore_critical")) flags |= X509_V_FLAG_IGNORE_CRITICAL; else if (!strcmp(arg, "-issuer_checks")) @@ -2362,6 +2389,9 @@ int args_verify(char ***pargs, int *pargc, if (depth >= 0) X509_VERIFY_PARAM_set_depth(*pm, depth); + if (at_time) + X509_VERIFY_PARAM_set_time(*pm, at_time); + end: (*pargs)++; @@ -2693,6 +2723,50 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) #endif +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +/* next_protos_parse parses a comma separated list of strings into a string + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. + * outlen: (output) set to the length of the resulting buffer on success. + * err: (maybe NULL) on failure, an error message line is written to this BIO. + * in: a NUL termianted string like "abc,def,ghi" + * + * returns: a malloced buffer or NULL on failure. + */ +unsigned char *next_protos_parse(unsigned short *outlen, const char *in) + { + size_t len; + unsigned char *out; + size_t i, start = 0; + + len = strlen(in); + if (len >= 65535) + return NULL; + + out = OPENSSL_malloc(strlen(in) + 1); + if (!out) + return NULL; + + for (i = 0; i <= len; ++i) + { + if (i == len || in[i] == ',') + { + if (i - start > 255) + { + OPENSSL_free(out); + return NULL; + } + out[start] = i - start; + start = i + 1; + } + else + out[i+1] = in[i]; + } + + *outlen = len + 1; + return out; + } +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ + /* * Platform-specific sections */ @@ -3018,46 +3092,3 @@ int raw_write_stdout(const void *buf,int siz) int raw_write_stdout(const void *buf,int siz) { return write(fileno(stdout),buf,siz); } #endif - -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) -/* next_protos_parse parses a comma separated list of strings into a string - * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. - * outlen: (output) set to the length of the resulting buffer on success. - * in: a NUL termianted string like "abc,def,ghi" - * - * returns: a malloced buffer or NULL on failure. - */ -unsigned char *next_protos_parse(unsigned short *outlen, const char *in) - { - size_t len; - unsigned char *out; - size_t i, start = 0; - - len = strlen(in); - if (len >= 65535) - return NULL; - - out = OPENSSL_malloc(strlen(in) + 1); - if (!out) - return NULL; - - for (i = 0; i <= len; ++i) - { - if (i == len || in[i] == ',') - { - if (i - start > 255) - { - OPENSSL_free(out); - return NULL; - } - out[start] = i - start; - start = i + 1; - } - else - out[i+1] = in[i]; - } - - *outlen = len + 1; - return out; - } -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ |