From c35453897494d2b488961f7a446b4df8e24c6f31 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sun, 15 Jun 2014 22:21:10 +0200 Subject: Update OpenSSL to 1.0.1h --- main/openssl/apps/enc.c | 6 ++++++ main/openssl/apps/ocsp.c | 22 ++++++++++++++++------ main/openssl/apps/req.c | 15 +++++++++++++-- main/openssl/apps/s_cb.c | 4 ++++ main/openssl/apps/s_socket.c | 5 ++++- main/openssl/apps/smime.c | 4 ++-- 6 files changed, 45 insertions(+), 11 deletions(-) (limited to 'main/openssl/apps') diff --git a/main/openssl/apps/enc.c b/main/openssl/apps/enc.c index 719acc32..19ea3df9 100644 --- a/main/openssl/apps/enc.c +++ b/main/openssl/apps/enc.c @@ -331,6 +331,12 @@ bad: setup_engine(bio_err, engine, 0); #endif + if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) + { + BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n"); + goto end; + } + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); diff --git a/main/openssl/apps/ocsp.c b/main/openssl/apps/ocsp.c index 83c5a767..767f12c6 100644 --- a/main/openssl/apps/ocsp.c +++ b/main/openssl/apps/ocsp.c @@ -127,6 +127,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; char **args; char *host = NULL, *port = NULL, *path = "/"; + char *thost = NULL, *tport = NULL, *tpath = NULL; char *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL; char *signfile = NULL, *keyfile = NULL; @@ -204,6 +205,12 @@ int MAIN(int argc, char **argv) } else if (!strcmp(*args, "-url")) { + if (thost) + OPENSSL_free(thost); + if (tport) + OPENSSL_free(tport); + if (tpath) + OPENSSL_free(tpath); if (args[1]) { args++; @@ -212,6 +219,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Error parsing URL\n"); badarg = 1; } + thost = host; + tport = port; + tpath = path; } else badarg = 1; } @@ -920,12 +930,12 @@ end: sk_X509_pop_free(verify_other, X509_free); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); - if (use_ssl != -1) - { - OPENSSL_free(host); - OPENSSL_free(port); - OPENSSL_free(path); - } + if (thost) + OPENSSL_free(thost); + if (tport) + OPENSSL_free(tport); + if (tpath) + OPENSSL_free(tpath); OPENSSL_EXIT(ret); } diff --git a/main/openssl/apps/req.c b/main/openssl/apps/req.c index 5e034a85..d41385d7 100644 --- a/main/openssl/apps/req.c +++ b/main/openssl/apps/req.c @@ -1489,7 +1489,13 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, n_min, n_max)) goto start; + if(!req_check_len(i, n_min, n_max)) + { + if (batch || value) + return 0; + goto start; + } + if (!X509_NAME_add_entry_by_NID(n,nid, chtype, (unsigned char *) buf, -1,-1,mval)) goto err; ret=1; @@ -1548,7 +1554,12 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, n_min, n_max)) goto start; + if(!req_check_len(i, n_min, n_max)) + { + if (batch || value) + return 0; + goto start; + } if(!X509_REQ_add1_attr_by_NID(req, nid, chtype, (unsigned char *)buf, -1)) { diff --git a/main/openssl/apps/s_cb.c b/main/openssl/apps/s_cb.c index 84c3b447..146a9607 100644 --- a/main/openssl/apps/s_cb.c +++ b/main/openssl/apps/s_cb.c @@ -747,6 +747,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, break; #endif + case TLSEXT_TYPE_padding: + extname = "TLS padding"; + break; + default: extname = "unknown"; break; diff --git a/main/openssl/apps/s_socket.c b/main/openssl/apps/s_socket.c index 380efdb1..94eb40f3 100644 --- a/main/openssl/apps/s_socket.c +++ b/main/openssl/apps/s_socket.c @@ -274,7 +274,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) { i=0; i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) { perror("keepalive"); return(0); } + if (i < 0) { closesocket(s); perror("keepalive"); return(0); } } #endif @@ -450,6 +450,7 @@ redoit: if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) { perror("OPENSSL_malloc"); + closesocket(ret); return(0); } BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); @@ -458,11 +459,13 @@ redoit: if (h2 == NULL) { BIO_printf(bio_err,"gethostbyname failure\n"); + closesocket(ret); return(0); } if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); + closesocket(ret); return(0); } } diff --git a/main/openssl/apps/smime.c b/main/openssl/apps/smime.c index c583f8a0..d1fe32d3 100644 --- a/main/openssl/apps/smime.c +++ b/main/openssl/apps/smime.c @@ -541,8 +541,8 @@ int MAIN(int argc, char **argv) { if (!cipher) { -#ifndef OPENSSL_NO_RC2 - cipher = EVP_rc2_40_cbc(); +#ifndef OPENSSL_NO_DES + cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; -- cgit v1.2.3